WP Security Audit Log - Version 2.6.1

Version Description

(2017-03-09)

  • Bug Fixes
    • Removed the PHP session ID cookie that was created by mistake for non-logged-in users.

Release Info

Developer WPWhiteSecurity
Version 2.6.1

Code changes from version 2.6 to 2.6.1

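--- a/classes/AuditLogListView.php
+++ b/classes/AuditLogListView.php
@@ -29,10 +29,6 @@ class WSAL_AuditLogListView extends WP_List_Table
  'ajax' => true,
  'screen' => 'interval-list',
  ));
-
- if (!session_id()) {
- @session_start();
- }
  }
 
  public function no_items()
@@ -88,7 +84,8 @@ class WSAL_AuditLogListView extends WP_List_Table
  // switch to live or archive DB
  if ($this->_plugin->settings->IsArchivingEnabled()) {
  $selected = 'live';
- if (isset($_SESSION['selected_db']) && $_SESSION['selected_db'] == 'archive') {
+ $wp_session = WP_Session::get_instance();
+ if (isset($wp_session['selected_db']) && $wp_session['selected_db'] == 'archive') {
  $selected = 'archive';
  }
  ?><div class="wsal-ssa wsal-db">
@@ -422,7 +419,8 @@ class WSAL_AuditLogListView extends WP_List_Table
  {
  if ($this->_plugin->settings->IsArchivingEnabled()) {
  // Switch to Archive DB
- if (isset($_SESSION['selected_db']) && $_SESSION['selected_db'] == 'archive') {
+ $wp_session = WP_Session::get_instance();
+ if (isset($wp_session['selected_db']) && $wp_session['selected_db'] == 'archive') {
  $this->_plugin->settings->SwitchToArchiveDB();
  }
  }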
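Review bot: Reading `selected_db` at new lines 87–88 and 422–423 constructs the session as a side effect, because `WP_Session::get_instance()` runs the constructor added in classes/Lib/class-wp-session.php, which always ends in `@setcookie(...)`. At line 87 this happens directly before the `?><div class="wsal-ssa wsal-db">` output, so if markup has already been sent the cookie is presumably dropped and the `@` hides the warning. Consider starting the session once on an early hook and only reading it here, and make the test strict: `$wp_session['selected_db'] === 'archive'`. The same two-line lookup is repeated in both hunks and in classes/Views/AuditLog.php, so a small helper would keep the three copies from drifting; the enclosing methods start and end outside these hunks.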
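--- a/classes/Lib/class-recursive-arrayaccess.php
+++ b/classes/Lib/class-recursive-arrayaccess.php
@@ -0,0 +1,139 @@
+ <?php
+ /**
+ * Multidimensional ArrayAccess
+ *
+ * Allows ArrayAccess-like functionality with multidimensional arrays. Fully supports
+ * both sets and unsets.
+ *
+ * @package WordPress
+ * @subpackage Session
+ * @since 3.6.0
+ */
+
+ // Exit if accessed directly
+ if ( ! defined( 'ABSPATH' ) ) exit;
+
+ /**
+ * Recursive array class to allow multidimensional array access.
+ *
+ * @package WordPress
+ * @since 3.6.0
+ */
+ class Recursive_ArrayAccess implements ArrayAccess {
+ /**
+ * Internal data collection.
+ *
+ * @var array
+ */
+ protected $container = array();
+
+ /**
+ * Flag whether or not the internal collection has been changed.
+ *
+ * @var bool
+ */
+ protected $dirty = false;
+
+ /**
+ * Default object constructor.
+ *
+ * @param array $data
+ */
+ protected function __construct( $data = array() ) {
+ foreach ( $data as $key => $value ) {
+ $this[ $key ] = $value;
+ }
+ }
+
+ /**
+ * Allow deep copies of objects
+ */
+ public function __clone() {
+ foreach ( $this->container as $key => $value ) {
+ if ( $value instanceof self ) {
+ $this[ $key ] = clone $value;
+ }
+ }
+ }
+
+ /**
+ * Output the data container as a multidimensional array.
+ *
+ * @return array
+ */
+ public function toArray() {
+ $data = $this->container;
+ foreach ( $data as $key => $value ) {
+ if ( $value instanceof self ) {
+ $data[ $key ] = $value->toArray();
+ }
+ }
+ return $data;
+ }
+
+ /**
+ * ArrayAccess Implementation
+ **/
+
+ /**
+ * Whether a offset exists
+ *
+ * @link http://php.net/manual/en/arrayaccess.offsetexists.php
+ *
+ * @param mixed $offset An offset to check for.
+ *
+ * @return boolean true on success or false on failure.
+ */
+ public function offsetExists( $offset ) {
+ return isset( $this->container[ $offset ]) ;
+ }
+
+ /**
+ * Offset to retrieve
+ *
+ * @link http://php.net/manual/en/arrayaccess.offsetget.php
+ *
+ * @param mixed $offset The offset to retrieve.
+ *
+ * @return mixed Can return all value types.
+ */
+ public function offsetGet( $offset ) {
+ return isset( $this->container[ $offset ] ) ? $this->container[ $offset ] : null;
+ }
+
+ /**
+ * Offset to set
+ *
+ * @link http://php.net/manual/en/arrayaccess.offsetset.php
+ *
+ * @param mixed $offset The offset to assign the value to.
+ * @param mixed $value The value to set.
+ *
+ * @return void
+ */
+ public function offsetSet( $offset, $data ) {
+ if ( is_array( $data ) ) {
+ $data = new self( $data );
+ }
+ if ( $offset === null ) { // don't forget this!
+ $this->container[] = $data;
+ } else {
+ $this->container[ $offset ] = $data;
+ }
+
+ $this->dirty = true;
+ }
+
+ /**
+ * Offset to unset
+ *
+ * @link http://php.net/manual/en/arrayaccess.offsetunset.php
+ *
+ * @param mixed $offset The offset to unset.
+ *
+ * @return void
+ */
+ public function offsetUnset( $offset ) {
+ unset( $this->container[ $offset ] );
+ }
+ }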
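Review bot: `offsetUnset()` (new lines 136–138) removes the key but never sets `$this->dirty`, while `offsetSet()` does. `WP_Session::write_data()` in this release writes the container only when `dirty` is true, so a request that only unsets a key leaves the old value in the stored session. Add `$this->dirty = true;` after the `unset( $this->container[ $offset ] );` line. A write to a nested `Recursive_ArrayAccess` marks only the child dirty, so the same gap probably applies to `$session['a']['b'] = ...`; the `$dirty` docblock should at least say that only top-level sets are tracked.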
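--- a/classes/Lib/class-wp-session.php
+++ b/classes/Lib/class-wp-session.php
@@ -0,0 +1,326 @@
+ <?php
+ /**
+ * WordPress session managment.
+ *
+ * Standardizes WordPress session data using database-backed options for storage.
+ * for storing user session information.
+ *
+ * @package WordPress
+ * @subpackage Session
+ * @since 3.7.0
+ */
+
+ // Exit if accessed directly
+ if ( ! defined( 'ABSPATH' ) ) exit;
+
+ /**
+ * WordPress Session class for managing user session data.
+ *
+ * @package WordPress
+ * @since 3.7.0
+ */
+ final class WP_Session extends Recursive_ArrayAccess implements Iterator, Countable {
+ /**
+ * ID of the current session.
+ *
+ * @var string
+ */
+ public $session_id;
+
+ /**
+ * Unix timestamp when session expires.
+ *
+ * @var int
+ */
+ protected $expires;
+
+ /**
+ * Unix timestamp indicating when the expiration time needs to be reset.
+ *
+ * @var int
+ */
+ protected $exp_variant;
+
+ /**
+ * Singleton instance.
+ *
+ * @var bool|WP_Session
+ */
+ private static $instance = false;
+
+ /**
+ * Retrieve the current session instance.
+ *
+ * @param bool $session_id Session ID from which to populate data.
+ *
+ * @return bool|WP_Session
+ */
+ public static function get_instance() {
+ if (!self::$instance) {
+ self::$instance = new self();
+ }
+
+ return self::$instance;
+ }
+
+ /**
+ * Default constructor.
+ * Will rebuild the session collection from the given session ID if it exists. Otherwise, will
+ * create a new session with that ID.
+ *
+ * @param $session_id
+ * @uses apply_filters Calls `wp_session_expiration` to determine how long until sessions expire.
+ */
+ protected function __construct() {
+ if (isset($_COOKIE[WP_SESSION_COOKIE])) {
+ $cookie = stripslashes($_COOKIE[WP_SESSION_COOKIE]);
+ $cookie_crumbs = explode('||', $cookie);
+
+ if ($this->is_valid_md5($cookie_crumbs[0])) {
+ $this->session_id = $cookie_crumbs[0];
+ } else {
+ $this->regenerate_id(true);
+ }
+
+ $this->expires = $cookie_crumbs[1];
+ $this->exp_variant = $cookie_crumbs[2];
+
+ // Update the session expiration if we're past the variant time
+ if (time() > $this->exp_variant) {
+ $this->set_expiration();
+ delete_option("_wp_session_expires_{$this->session_id}");
+ add_option("_wp_session_expires_{$this->session_id}", $this->expires, '', 'no');
+ }
+ } else {
+ $this->session_id = $this->generate_id();
+ $this->set_expiration();
+ }
+ $this->read_data();
+
+ $this->set_cookie();
+ }
+
+ /**
+ * Set both the expiration time and the expiration variant.
+ *
+ * If the current time is below the variant, we don't update the session's expiration time. If it's
+ * greater than the variant, then we update the expiration time in the database. This prevents
+ * writing to the database on every page load for active sessions and only updates the expiration
+ * time if we're nearing when the session actually expires.
+ *
+ * By default, the expiration time is set to 30 minutes.
+ * By default, the expiration variant is set to 24 minutes.
+ *
+ * As a result, the session expiration time - at a maximum - will only be written to the database once
+ * every 24 minutes. After 30 minutes, the session will have been expired. No cookie will be sent by
+ * the browser, and the old session will be queued for deletion by the garbage collector.
+ *
+ * @uses apply_filters Calls `wp_session_expiration_variant` to get the max update window for session data.
+ * @uses apply_filters Calls `wp_session_expiration` to get the standard expiration time for sessions.
+ */
+ protected function set_expiration() {
+ $this->exp_variant = time() + (int) apply_filters('wp_session_expiration_variant', 24 * 60);
+ $this->expires = time() + (int) apply_filters('wp_session_expiration', 30 * 60);
+ }
+
+ /**
+ * Set the session cookie
+ */
+ protected function set_cookie() {
+ @setcookie(WP_SESSION_COOKIE, $this->session_id . '||' . $this->expires . '||' . $this->exp_variant, $this->expires, COOKIEPATH, COOKIE_DOMAIN);
+ }
+
+ /**
+ * Generate a cryptographically strong unique ID for the session token.
+ *
+ * @return string
+ */
+ protected function generate_id() {
+ require_once(ABSPATH . 'wp-includes/class-phpass.php');
+ $hasher = new PasswordHash(8, false);
+
+ return md5($hasher->get_random_bytes(32));
+ }
+
+ /**
+ * Checks if is valid md5 string
+ *
+ * @param string $md5
+ * @return int
+ */
+ protected function is_valid_md5($md5 = '') {
+ return preg_match('/^[a-f0-9]{32}$/', $md5);
+ }
+
+ /**
+ * Read data from a transient for the current session.
+ *
+ * Automatically resets the expiration time for the session transient to some time in the future.
+ *
+ * @return array
+ */
+ protected function read_data() {
+ $this->container = get_option("_wp_session_{$this->session_id}", array());
+
+ return $this->container;
+ }
+
+ /**
+ * Write the data from the current session to the data storage system.
+ */
+ public function write_data() {
+ $option_key = "_wp_session_{$this->session_id}";
+
+ // Only write the collection to the DB if it's changed.
+ if ($this->dirty) {
+ if (false === get_option($option_key)) {
+ add_option("_wp_session_{$this->session_id}", $this->container, '', 'no');
+ add_option("_wp_session_expires_{$this->session_id}", $this->expires, '', 'no');
+ } else {
+ delete_option("_wp_session_{$this->session_id}");
+ add_option("_wp_session_{$this->session_id}", $this->container, '', 'no');
+ }
+ }
+ }
+
+ /**
+ * Output the current container contents as a JSON-encoded string.
+ *
+ * @return string
+ */
+ public function json_out() {
+ return json_encode($this->container);
+ }
+
+ /**
+ * Decodes a JSON string and, if the object is an array, overwrites the session container with its contents.
+ *
+ * @param string $data
+ *
+ * @return bool
+ */
+ public function json_in($data) {
+ $array = json_decode($data);
+
+ if (is_array($array)) {
+ $this->container = $array;
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * Regenerate the current session's ID.
+ *
+ * @param bool $delete_old Flag whether or not to delete the old session data from the server.
+ */
+ public function regenerate_id($delete_old = false) {
+ if ($delete_old) {
+ delete_option("_wp_session_{$this->session_id}");
+ }
+
+ $this->session_id = $this->generate_id();
+
+ $this->set_cookie();
+ }
+
+ /**
+ * Check if a session has been initialized.
+ *
+ * @return bool
+ */
+ public function session_started() {
+ return !!self::$instance;
+ }
+
+ /**
+ * Return the read-only cache expiration value.
+ *
+ * @return int
+ */
+ public function cache_expiration() {
+ return $this->expires;
+ }
+
+ /**
+ * Flushes all session variables.
+ */
+ public function reset() {
+ $this->container = array();
+ }
+
+ /*****************************************************************/
+ /* Iterator Implementation */
+ /*****************************************************************/
+
+ /**
+ * Current position of the array.
+ *
+ * @link http://php.net/manual/en/iterator.current.php
+ *
+ * @return mixed
+ */
+ public function current() {
+ return current($this->container);
+ }
+
+ /**
+ * Key of the current element.
+ *
+ * @link http://php.net/manual/en/iterator.key.php
+ *
+ * @return mixed
+ */
+ public function key() {
+ return key($this->container);
+ }
+
+ /**
+ * Move the internal point of the container array to the next item
+ *
+ * @link http://php.net/manual/en/iterator.next.php
+ *
+ * @return void
+ */
+ public function next() {
+ next($this->container);
+ }
+
+ /**
+ * Rewind the internal point of the container array.
+ *
+ * @link http://php.net/manual/en/iterator.rewind.php
+ *
+ * @return void
+ */
+ public function rewind() {
+ reset($this->container);
+ }
+
+ /**
+ * Is the current key valid?
+ *
+ * @link http://php.net/manual/en/iterator.rewind.php
+ *
+ * @return bool
+ */
+ public function valid() {
+ return $this->offsetExists($this->key());
+ }
+
+ /*****************************************************************/
+ /* Countable Implementation */
+ /*****************************************************************/
+
+ /**
+ * Get the count of elements in the container array.
+ *
+ * @link http://php.net/manual/en/countable.count.php
+ *
+ * @return int
+ */
+ public function count() {
+ return count($this->container);
+ }
+ }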
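Review bot: In the constructor (new lines 75–93) only the first cookie field is format-checked; `$cookie_crumbs[1]` and `$cookie_crumbs[2]` are read without checking that they exist or are numeric. Until the variant time passes, the client-chosen `expires` is what `set_cookie()` re-issues and what `write_data()` stores in `_wp_session_expires_*`, so a tampered cookie can keep a session row out of the garbage collector's reach. Validate and cap both values as sketched below, falling back to `set_expiration()` on a malformed cookie. Separately, `set_cookie()` (line 130) sets neither flag that keeps the token away from scripts and plain HTTP, e.g. `setcookie(..., COOKIEPATH, COOKIE_DOMAIN, is_ssl(), true)`, and `reset()` (line 250) empties the container without marking it dirty, so the clear is presumably never persisted.

```php
$cookie_crumbs = explode('||', $cookie);
// … unchanged: session ID format check and regenerate_id(true) fallback …
$has_times = 3 === count($cookie_crumbs)
    && ctype_digit($cookie_crumbs[1])
    && ctype_digit($cookie_crumbs[2]);
if ($has_times) {
    // Never honour a lifetime longer than the server itself would have issued.
    $max_expires       = time() + (int) apply_filters('wp_session_expiration', 30 * 60);
    $this->expires     = min((int) $cookie_crumbs[1], $max_expires);
    $this->exp_variant = min((int) $cookie_crumbs[2], $this->expires);
} else {
    // Malformed or truncated cookie: fall back to server-chosen times.
    $this->set_expiration();
}
// … unchanged: variant-time refresh, read_data(), set_cookie() …
```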
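--- a/classes/Lib/wp-session.php
+++ b/classes/Lib/wp-session.php
@@ -0,0 +1,176 @@
+ <?php
+ /**
+ * WordPress session managment.
+ *
+ * Standardizes WordPress session data and uses either database transients or in-memory caching
+ * for storing user session information.
+ *
+ * @package WordPress
+ * @subpackage Session
+ * @since 3.7.0
+ */
+
+ // Exit if accessed directly
+ if (!defined('ABSPATH')) exit;
+
+ /**
+ * Return the current cache expire setting.
+ *
+ * @return int
+ */
+ function wp_session_cache_expire() {
+ $wp_session = WP_Session::get_instance();
+
+ return $wp_session->cache_expiration();
+ }
+
+ /**
+ * Alias of wp_session_write_close()
+ */
+ function wp_session_commit() {
+ wp_session_write_close();
+ }
+
+ /**
+ * Load a JSON-encoded string into the current session.
+ *
+ * @param string $data
+ */
+ function wp_session_decode($data) {
+ $wp_session = WP_Session::get_instance();
+
+ return $wp_session->json_in($data);
+ }
+
+ /**
+ * Encode the current session's data as a JSON string.
+ *
+ * @return string
+ */
+ function wp_session_encode() {
+ $wp_session = WP_Session::get_instance();
+
+ return $wp_session->json_out();
+ }
+
+ /**
+ * Regenerate the session ID.
+ *
+ * @param bool $delete_old_session
+ *
+ * @return bool
+ */
+ function wp_session_regenerate_id($delete_old_session = false) {
+ $wp_session = WP_Session::get_instance();
+
+ $wp_session->regenerate_id($delete_old_session);
+
+ return true;
+ }
+
+ /**
+ * Start new or resume existing session.
+ *
+ * Resumes an existing session based on a value sent by the _wp_session cookie.
+ *
+ * @return bool
+ */
+ function wp_session_start() {
+ $wp_session = WP_Session::get_instance();
+ do_action('wp_session_start');
+
+ return $wp_session->session_started();
+ }
+ // Removed
+ //add_action( 'plugins_loaded', 'wp_session_start' );
+
+ /**
+ * Return the current session status.
+ *
+ * @return int
+ */
+ function wp_session_status() {
+ $wp_session = WP_Session::get_instance();
+
+ if ($wp_session->session_started()) {
+ return PHP_SESSION_ACTIVE;
+ }
+
+ return PHP_SESSION_NONE;
+ }
+
+ /**
+ * Unset all session variables.
+ */
+ function wp_session_unset() {
+ $wp_session = WP_Session::get_instance();
+
+ $wp_session->reset();
+ }
+
+ /**
+ * Write session data and end session
+ */
+ function wp_session_write_close() {
+ $wp_session = WP_Session::get_instance();
+
+ $wp_session->write_data();
+ do_action('wp_session_commit');
+ }
+ add_action('shutdown', 'wp_session_write_close');
+ add_action('wp_logout', 'wp_session_unset');
+
+ /**
+ * Clean up expired sessions by removing data and their expiration entries from
+ * the WordPress options table.
+ *
+ * This method should never be called directly and should instead be triggered as part
+ * of a scheduled task or cron job.
+ */
+ function wp_session_cleanup() {
+ global $wpdb;
+
+ if (defined('WP_SETUP_CONFIG')) {
+ return;
+ }
+
+ if (!defined('WP_INSTALLING')) {
+ $expiration_keys = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options WHERE option_name LIKE '_wp_session_expires_%'");
+
+ $now = current_time('timestamp');
+ $expired_sessions = array();
+
+ foreach ($expiration_keys as $expiration) {
+ // If the session has expired
+ if ($now > intval($expiration->option_value)) {
+ // Get the session ID by parsing the option_name
+ $session_id = substr($expiration->option_name, 20);
+
+ if ((int) -1 === (int) $session_id || !preg_match('/^[a-f0-9]{32}$/', $session_id)) {
+ continue;
+ }
+ $expired_sessions[] = $expiration->option_name;
+ $expired_sessions[] = esc_sql("_wp_session_$session_id");
+ }
+ }
+ // Delete all expired sessions in a single query
+ if (!empty($expired_sessions)) {
+ $option_names = implode("','", $expired_sessions);
+ $wpdb->query("DELETE FROM $wpdb->options WHERE option_name IN ('$option_names')");
+ }
+ }
+
+ // Allow other plugins to hook in to the garbage collection process.
+ do_action('wp_session_cleanup');
+ }
+ add_action('wp_session_garbage_collection', 'wp_session_cleanup');
+
+ /**
+ * Register the garbage collector as a twice daily event.
+ */
+ function wp_session_register_garbage_collection() {
+ if (!wp_next_scheduled('wp_session_garbage_collection')) {
+ wp_schedule_event(current_time('timestamp'), 'twicedaily', 'wp_session_garbage_collection');
+ }
+ }
+ add_action('wp', 'wp_session_register_garbage_collection');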
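Review bot: In `wp_session_cleanup()` (new lines 138–159) the DELETE statement is built by string concatenation, and `$expiration->option_name` goes into the `IN (...)` list unescaped; only the derived `_wp_session_$session_id` name passes through `esc_sql()`. The regex vets just the part after the 20th character, and because `_` is a single-character wildcard in `LIKE`, the SELECT can return names whose first 20 characters are not literally `_wp_session_expires_`. Escape both names, e.g. `$expired_sessions[] = esc_sql($expiration->option_name);`, and build the pattern from `$wpdb->esc_like('_wp_session_expires_') . '%'` passed through `$wpdb->prepare()`. Separately, `wp_session_unset()` on `wp_logout` (lines 105–109, 121) calls `reset()`, which does not mark the session dirty, so the cleared state is presumably never written back by the `shutdown` handler.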
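--- a/classes/Views/AuditLog.php
+++ b/classes/Views/AuditLog.php
@@ -22,10 +22,6 @@ class WSAL_Views_AuditLog extends WSAL_AbstractView {
  $data = get_plugin_data($plugin_file, false, false);
  $this->_version = isset($data['Version']) ? $data['Version'] : '0.0.0';
  $this->RegisterNotice('premium-wsal-'.$this->_version);
-
- if (!session_id()) {
- @session_start();
- }
  }
 
  public function AdminNoticesPremium()
@@ -109,8 +105,7 @@ class WSAL_Views_AuditLog extends WSAL_AbstractView {
  ),
  )); ?>);
  });
- </script>
- <?php
+ </script><?php
  }
 
  public function AjaxInspector() {
@@ -150,10 +145,10 @@ class WSAL_Views_AuditLog extends WSAL_AbstractView {
  $max = 40; // 40*500msec = 20sec
 
  $is_archive = false;
- if (isset($_SESSION['selected_db']) && $_SESSION['selected_db'] == 'archive') {
+ $wp_session = WP_Session::get_instance();
+ if (isset($wp_session['selected_db']) && $wp_session['selected_db'] == 'archive') {
  $is_archive = true;
  }
- session_write_close(); // fixes session lock issue
 
  do {
  $occ = new WSAL_Models_Occurrence();
@@ -204,13 +199,13 @@ class WSAL_Views_AuditLog extends WSAL_AbstractView {
 
  public function AjaxSwitchDB() {
  if (isset($_REQUEST['selected_db'])) {
- $_SESSION['selected_db'] = $_REQUEST['selected_db'];
+ $wp_session = WP_Session::get_instance();
+ $wp_session['selected_db'] = $_REQUEST['selected_db'];
  }
  }
 
  public function Header() {
  add_thickbox();
- wp_enqueue_style('darktooltip', $this->_plugin->GetBaseUrl() . '/css/darktooltip.css', array(), '');
  wp_enqueue_style(
  'auditlog',
  $this->_plugin->GetBaseUrl() . '/css/auditlog.css',
@@ -221,7 +216,6 @@ class WSAL_Views_AuditLog extends WSAL_AbstractView {
 
  public function Footer() {
  wp_enqueue_script('jquery');
- wp_enqueue_script('darktooltip', $this->_plugin->GetBaseUrl() . '/js/jquery.darktooltip.js', array('jquery'), '');
  wp_enqueue_script('suggest');
  wp_enqueue_script(
  'auditlog',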
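Review bot: `AjaxSwitchDB()` (new lines 200–205) stores `$_REQUEST['selected_db']` in the session verbatim, and that value is now serialised into the options table by `WP_Session::write_data()`. Nothing in the hunk restricts it to the two values the readers compare against, and no nonce or capability check is visible here, though one may exist outside the hunk. Constrain it at the write: `$wp_session['selected_db'] = ('archive' === $_REQUEST['selected_db']) ? 'archive' : 'live';`. Without that, an array-valued parameter is wrapped into a nested `Recursive_ArrayAccess` by `offsetSet()` and persisted as well.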
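--- a/classes/Views/Settings.php
+++ b/classes/Views/Settings.php
@@ -473,7 +473,7 @@ class WSAL_Views_Settings extends WSAL_AbstractView
  <span><?php _e('WordPress\' timezone', 'wp-security-audit-log'); ?></span>
  </label>
  <br/>
- <span class="description"><?php _e('Select which timestamp should the alerts have in the Audit Log viewer. Note that the WordPress\' timezone might be different from that of the server.', 'wp-security-audit-log'); ?></span>
+ <span class="description"><?php _e('Select which timestamp the alerts should have in the Audit Log viewer. Note that the WordPress\' timezone might be different from that of the server.', 'wp-security-audit-log'); ?></span>
  </fieldset>
  </td>
  </tr>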
languages/wp-security-audit-log-es_ES.mo ADDED
Binary file
languages/wp-security-audit-log.pot CHANGED
@@ -2,10 +2,10 @@
2
  # This file is distributed under the same license as the WP Security Audit Log package.
3
  msgid ""
4
  msgstr ""
5
- "Project-Id-Version: WP Security Audit Log 2.6\n"
6
  "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/wp-security-audit-"
7
  "log\n"
8
- "POT-Creation-Date: 2017-02-08 07:06:17+00:00\n"
9
  "MIME-Version: 1.0\n"
10
  "Content-Type: text/plain; charset=UTF-8\n"
11
  "Content-Transfer-Encoding: 8bit\n"
@@ -13,97 +13,97 @@ msgstr ""
13
  "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
14
  "Language-Team: LANGUAGE <LL@li.org>\n"
15
 
16
- #: classes/AuditLogListView.php:40
17
  msgid "No events so far."
18
  msgstr ""
19
 
20
- #: classes/AuditLogListView.php:46
21
  msgid "Other"
22
  msgstr ""
23
 
24
- #: classes/AuditLogListView.php:53
25
  msgid "Show "
26
  msgstr ""
27
 
28
- #: classes/AuditLogListView.php:63
29
  msgid " Items"
30
  msgstr ""
31
 
32
- #: classes/AuditLogListView.php:76 classes/Views/AuditLog.php:103
33
  msgid "All Sites"
34
  msgstr ""
35
 
36
- #: classes/AuditLogListView.php:96
37
  msgid "Live Database"
38
  msgstr ""
39
 
40
- #: classes/AuditLogListView.php:97
41
  msgid "Archive Database"
42
  msgstr ""
43
 
44
- #: classes/AuditLogListView.php:138 classes/AuditLogListView.php:155
45
  #: classes/Views/ToggleAlerts.php:75
46
  msgid "Code"
47
  msgstr ""
48
 
49
- #: classes/AuditLogListView.php:139 classes/AuditLogListView.php:158
50
  #: classes/Views/ToggleAlerts.php:76
51
  msgid "Type"
52
  msgstr ""
53
 
54
- #: classes/AuditLogListView.php:140 classes/AuditLogListView.php:161
55
  msgid "Date"
56
  msgstr ""
57
 
58
- #: classes/AuditLogListView.php:141 classes/AuditLogListView.php:164
59
  msgid "Username"
60
  msgstr ""
61
 
62
- #: classes/AuditLogListView.php:142 classes/AuditLogListView.php:167
63
  msgid "Source IP"
64
  msgstr ""
65
 
66
- #: classes/AuditLogListView.php:145 classes/AuditLogListView.php:170
67
  msgid "Site"
68
  msgstr ""
69
 
70
- #: classes/AuditLogListView.php:147 classes/AuditLogListView.php:173
71
  msgid "Message"
72
  msgstr ""
73
 
74
- #: classes/AuditLogListView.php:211
75
  msgid "Click to toggle."
76
  msgstr ""
77
 
78
- #: classes/AuditLogListView.php:214
79
  msgid "Disable this type of alerts."
80
  msgstr ""
81
 
82
- #: classes/AuditLogListView.php:219
83
  msgid "Unknown error code."
84
  msgstr ""
85
 
86
- #: classes/AuditLogListView.php:250
87
  msgid "Unknown"
88
  msgstr ""
89
 
90
- #: classes/AuditLogListView.php:254
91
  msgid "Plugin"
92
  msgstr ""
93
 
94
- #: classes/AuditLogListView.php:258
95
  msgid "Plugins"
96
  msgstr ""
97
 
98
- #: classes/AuditLogListView.php:262
99
  msgid "Website Visitor"
100
  msgstr ""
101
 
102
- #: classes/AuditLogListView.php:266
103
  msgid "System"
104
  msgstr ""
105
 
106
- #: classes/AuditLogListView.php:294
107
  msgid "Alert Data Inspector"
108
  msgstr ""
109
 
@@ -240,33 +240,33 @@ msgstr ""
240
  msgid "Professional WordPress security services provided by WP White Security"
241
  msgstr ""
242
 
243
- #: classes/Views/AuditLog.php:39
244
  msgid "Upgrade to Premium"
245
  msgstr ""
246
 
247
- #: classes/Views/AuditLog.php:40
248
  msgid ""
249
  "and add Email Alerts, Reports, Search and Users Login and Session Management."
250
  msgstr ""
251
 
252
- #: classes/Views/AuditLog.php:41
253
  msgid "Upgrade Now!"
254
  msgstr ""
255
 
256
- #: classes/Views/AuditLog.php:55 classes/Views/AuditLog.php:65
257
  msgid "Audit Log Viewer"
258
  msgstr ""
259
 
260
- #: classes/Views/AuditLog.php:81 classes/Views/Licensing.php:34
261
  #: classes/Views/Settings.php:111 classes/Views/ToggleAlerts.php:30
262
  msgid "You do not have sufficient permissions to access this page."
263
  msgstr ""
264
 
265
- #: classes/Views/AuditLog.php:102
266
  msgid "Please enter the number of alerts you would like to see on one page:"
267
  msgstr ""
268
 
269
- #: classes/Views/AuditLog.php:104
270
  msgid "No Results"
271
  msgstr ""
272
 
@@ -797,7 +797,7 @@ msgstr ""
797
 
798
  #: classes/Views/Settings.php:476
799
  msgid ""
800
- "Select which timestamp should the alerts have in the Audit Log viewer. Note "
801
  "that the WordPress' timezone might be different from that of the server."
802
  msgstr ""
803
 
@@ -2932,7 +2932,7 @@ msgstr ""
2932
  msgid "%Status% guest checkout in WooCommerce."
2933
  msgstr ""
2934
 
2935
- #: wp-security-audit-log.php:281
2936
  msgid ""
2937
  "You are using a version of PHP that is older than %s, which is no longer "
2938
  "supported.<br/>Contact us on <a href=\"mailto:plugins@wpwhitesecurity.com"
@@ -2944,9 +2944,9 @@ msgstr ""
2944
  msgid "WP Security Audit Log"
2945
  msgstr ""
2946
 
2947
- #. #-#-#-#-# plugin.pot (WP Security Audit Log 2.6) #-#-#-#-#
2948
  #. Plugin URI of the plugin/theme
2949
- #. #-#-#-#-# plugin.pot (WP Security Audit Log 2.6) #-#-#-#-#
2950
  #. Author URI of the plugin/theme
2951
  msgid "http://www.wpsecurityauditlog.com/"
2952
  msgstr ""
2
  # This file is distributed under the same license as the WP Security Audit Log package.
3
  msgid ""
4
  msgstr ""
5
+ "Project-Id-Version: WP Security Audit Log 2.6.1\n"
6
  "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/wp-security-audit-"
7
  "log\n"
8
+ "POT-Creation-Date: 2017-03-09 06:08:43+00:00\n"
9
  "MIME-Version: 1.0\n"
10
  "Content-Type: text/plain; charset=UTF-8\n"
11
  "Content-Transfer-Encoding: 8bit\n"
13
  "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
14
  "Language-Team: LANGUAGE <LL@li.org>\n"
15
 
16
+ #: classes/AuditLogListView.php:36
17
  msgid "No events so far."
18
  msgstr ""
19
 
20
+ #: classes/AuditLogListView.php:42
21
  msgid "Other"
22
  msgstr ""
23
 
24
+ #: classes/AuditLogListView.php:49
25
  msgid "Show "
26
  msgstr ""
27
 
28
+ #: classes/AuditLogListView.php:59
29
  msgid " Items"
30
  msgstr ""
31
 
32
+ #: classes/AuditLogListView.php:72 classes/Views/AuditLog.php:99
33
  msgid "All Sites"
34
  msgstr ""
35
 
36
+ #: classes/AuditLogListView.php:93
37
  msgid "Live Database"
38
  msgstr ""
39
 
40
+ #: classes/AuditLogListView.php:94
41
  msgid "Archive Database"
42
  msgstr ""
43
 
44
+ #: classes/AuditLogListView.php:135 classes/AuditLogListView.php:152
45
  #: classes/Views/ToggleAlerts.php:75
46
  msgid "Code"
47
  msgstr ""
48
 
49
+ #: classes/AuditLogListView.php:136 classes/AuditLogListView.php:155
50
  #: classes/Views/ToggleAlerts.php:76
51
  msgid "Type"
52
  msgstr ""
53
 
54
+ #: classes/AuditLogListView.php:137 classes/AuditLogListView.php:158
55
  msgid "Date"
56
  msgstr ""
57
 
58
+ #: classes/AuditLogListView.php:138 classes/AuditLogListView.php:161
59
  msgid "Username"
60
  msgstr ""
61
 
62
+ #: classes/AuditLogListView.php:139 classes/AuditLogListView.php:164
63
  msgid "Source IP"
64
  msgstr ""
65
 
66
+ #: classes/AuditLogListView.php:142 classes/AuditLogListView.php:167
67
  msgid "Site"
68
  msgstr ""
69
 
70
+ #: classes/AuditLogListView.php:144 classes/AuditLogListView.php:170
71
  msgid "Message"
72
  msgstr ""
73
 
74
+ #: classes/AuditLogListView.php:208
75
  msgid "Click to toggle."
76
  msgstr ""
77
 
78
+ #: classes/AuditLogListView.php:211
79
  msgid "Disable this type of alerts."
80
  msgstr ""
81
 
82
+ #: classes/AuditLogListView.php:216
83
  msgid "Unknown error code."
84
  msgstr ""
85
 
86
+ #: classes/AuditLogListView.php:247
87
  msgid "Unknown"
88
  msgstr ""
89
 
90
+ #: classes/AuditLogListView.php:251
91
  msgid "Plugin"
92
  msgstr ""
93
 
94
+ #: classes/AuditLogListView.php:255
95
  msgid "Plugins"
96
  msgstr ""
97
 
98
+ #: classes/AuditLogListView.php:259
99
  msgid "Website Visitor"
100
  msgstr ""
101
 
102
+ #: classes/AuditLogListView.php:263
103
  msgid "System"
104
  msgstr ""
105
 
106
+ #: classes/AuditLogListView.php:291
107
  msgid "Alert Data Inspector"
108
  msgstr ""
109
 
240
  msgid "Professional WordPress security services provided by WP White Security"
241
  msgstr ""
242
 
243
+ #: classes/Views/AuditLog.php:35
244
  msgid "Upgrade to Premium"
245
  msgstr ""
246
 
247
+ #: classes/Views/AuditLog.php:36
248
  msgid ""
249
  "and add Email Alerts, Reports, Search and Users Login and Session Management."
250
  msgstr ""
251
 
252
+ #: classes/Views/AuditLog.php:37
253
  msgid "Upgrade Now!"
254
  msgstr ""
255
 
256
+ #: classes/Views/AuditLog.php:51 classes/Views/AuditLog.php:61
257
  msgid "Audit Log Viewer"
258
  msgstr ""
259
 
260
+ #: classes/Views/AuditLog.php:77 classes/Views/Licensing.php:34
261
  #: classes/Views/Settings.php:111 classes/Views/ToggleAlerts.php:30
262
  msgid "You do not have sufficient permissions to access this page."
263
  msgstr ""
264
 
265
+ #: classes/Views/AuditLog.php:98
266
  msgid "Please enter the number of alerts you would like to see on one page:"
267
  msgstr ""
268
 
269
+ #: classes/Views/AuditLog.php:100
270
  msgid "No Results"
271
  msgstr ""
272
 
797
 
798
  #: classes/Views/Settings.php:476
799
  msgid ""
800
+ "Select which timestamp the alerts should have in the Audit Log viewer. Note "
801
  "that the WordPress' timezone might be different from that of the server."
802
  msgstr ""
803
 
2932
  msgid "%Status% guest checkout in WooCommerce."
2933
  msgstr ""
2934
 
2935
+ #: wp-security-audit-log.php:293
2936
  msgid ""
2937
  "You are using a version of PHP that is older than %s, which is no longer "
2938
  "supported.<br/>Contact us on <a href=\"mailto:plugins@wpwhitesecurity.com"
2944
  msgid "WP Security Audit Log"
2945
  msgstr ""
2946
 
2947
+ #. #-#-#-#-# plugin.pot (WP Security Audit Log 2.6.1) #-#-#-#-#
2948
  #. Plugin URI of the plugin/theme
2949
+ #. #-#-#-#-# plugin.pot (WP Security Audit Log 2.6.1) #-#-#-#-#
2950
  #. Author URI of the plugin/theme
2951
  msgid "http://www.wpsecurityauditlog.com/"
2952
  msgstr ""
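--- a/readme.txt
+++ b/readme.txt
@@ -6,8 +6,8 @@ License: GPLv3
 License URI: http://www.gnu.org/licenses/gpl.html
 Tags: wordpress security plugin, wordpress security audit log, audit log, wordpress log, event log wordpress, wordpress user tracking, wordpress activity log, wordpress audit, security event log, audit trail, security audit trail, wordpress security alerts, wordpress monitor, wordpress security monitor, wordpress admin, wordpress admin monitoring, analytics, activity, admin, multisite, wordpress multisite, actions, dashboard, log, notification, wordpress monitoring, email notification, wordpress email alerts, tracking, user tracking, user activity report, wordpress audit trail
 Requires at least: 3.6
-Tested up to: 4.7.2
-Stable tag: 2.6
+Tested up to: 4.7.3
+Stable tag: 2.6.1
 
 Keep an audit trail of all changes and under the hood WordPress activity to ensure productivity and thwart possible WordPress hacker attacks.
 
@@ -139,6 +139,7 @@ We need help translating the plugin and the WordPress Security Alerts. Please vi
 
 * Italian translation by [Leonardo Musumeci](http://leonardomusumeci.net/)
 * German translation by [Mourad Louha](http://excel-translator.de)
+* Spanish translation by the [WP Body](https://wpbody.com/) team
 
 = Related Links and Documentation =
 For more information and to get started with WordPress Security, check out the following:
@@ -185,6 +186,11 @@ Please refer to the [FAQs page](https://www.wpsecurityauditlog.com/documentation
 
 == Changelog ==
 
+= 2.6.1 (2017-03-09) =
+
+* **Bug Fixes**
+* Removed the PHP Session ID cookie created by mistake for non logged in users.
+
 = 2.6 (2017-02-08) =
 
 * **New Features**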
wp-security-audit-log.php CHANGED
@@ -4,7 +4,7 @@ Plugin Name: WP Security Audit Log
4
  Plugin URI: http://www.wpsecurityauditlog.com/
5
  Description: Identify WordPress security issues before they become a problem. Keep track of everything happening on your WordPress including WordPress users activity. Similar to Windows Event Log and Linux Syslog, WP Security Audit Log generates a security alert for everything that happens on your WordPress blogs and websites. Use the Audit Log Viewer included in the plugin to see all the security alerts.
6
  Author: WP White Security
7
- Version: 2.6
8
  Text Domain: wp-security-audit-log
9
  Author URI: http://www.wpsecurityauditlog.com/
10
  License: GPL2
@@ -125,6 +125,18 @@ class WpSecurityAuditLog {
125
  require_once('classes/Models/Query.php');
126
  require_once('classes/Models/OccurrenceQuery.php');
127
  require_once('classes/Models/Option.php');
 
 
 
 
 
 
 
 
 
 
 
 
128
 
129
  // load autoloader and register base paths
130
  require_once('classes/Autoloader.php');
@@ -684,6 +696,7 @@ class WpSecurityAuditLog {
684
  $this->options = new WSAL_Models_Option();
685
  return $this->options->SetOptionValue($option, $value);
686
  }
 
687
  // </editor-fold>
688
  }
689
 
4
  Plugin URI: http://www.wpsecurityauditlog.com/
5
  Description: Identify WordPress security issues before they become a problem. Keep track of everything happening on your WordPress including WordPress users activity. Similar to Windows Event Log and Linux Syslog, WP Security Audit Log generates a security alert for everything that happens on your WordPress blogs and websites. Use the Audit Log Viewer included in the plugin to see all the security alerts.
6
  Author: WP White Security
7
+ Version: 2.6.1
8
  Text Domain: wp-security-audit-log
9
  Author URI: http://www.wpsecurityauditlog.com/
10
  License: GPL2
125
  require_once('classes/Models/Query.php');
126
  require_once('classes/Models/OccurrenceQuery.php');
127
  require_once('classes/Models/Option.php');
128
+
129
+ // Use WP_Session (default)
130
+ if (!defined('WP_SESSION_COOKIE')) {
131
+ define('WP_SESSION_COOKIE', 'wsal_wp_session');
132
+ }
133
+ if (!class_exists('Recursive_ArrayAccess')) {
134
+ require_once('classes/Lib/class-recursive-arrayaccess.php');
135
+ }
136
+ if (!class_exists('WP_Session')) {
137
+ require_once('classes/Lib/class-wp-session.php');
138
+ require_once('classes/Lib/wp-session.php');
139
+ }
140
 
141
  // load autoloader and register base paths
142
  require_once('classes/Autoloader.php');
696
  $this->options = new WSAL_Models_Option();
697
  return $this->options->SetOptionValue($option, $value);
698
  }
699
+
700
  // </editor-fold>
701
  }
702