Changeset 1660615 for simple-login-log


Timestamp:
05/19/17 05:27:58 (7 months ago)
Author:
maxchirkov
Message:
  • Fixed: logins were not recorded when the (multiple) agent roles assigned to the same user were longer than 30 characters.
  • Fixed: sql injection vulnerability.
Location:
simple-login-log/trunk
Files:
2 edited

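--- a/simple-login-log/trunk/readme.txt
+++ b/simple-login-log/trunk/readme.txt
@@ -4,6 +4,6 @@
 Tags: login, log, users
 Requires at least: 3.0
-Tested up to: 4.6
-Stable tag: 1.1.1
+Tested up to: 4.7.5
+Stable tag: 1.1.2
 
 This plugin keeps a log of WordPress user logins. Offers user and date filtering, and export features.
@@ -49,4 +49,9 @@
 
 == Changelog ==
+
+**Version 1.1.2**
+
+- Fixed: logins were not recorded due to (multiple) agent roles assigned to the same user a longer than 30 characters.
+- Fixed: sql injection vulnerability.
 
 **Version 1.1.0**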
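--- a/simple-login-log/trunk/simple-login-log.php
+++ b/simple-login-log/trunk/simple-login-log.php
@@ -5,5 +5,5 @@
   Description: This plugin keeps a log of WordPress user logins. Offers user filtering and export features.
   Author: Max Chirkov
-  Version: 1.1.1
+  Version: 1.1.2
   Author URI: http://SimpleRealtyTheme.com
  */
@@ -16,5 +16,5 @@
  class SimpleLoginLog
  {
-    private $db_ver = "1.2";
+    private $db_ver = "1.3";
     public $table = 'simple_login_log';
     private $log_duration = null; //days
@@ -191,5 +191,5 @@
             $start = time();
             wp_schedule_event($start, 'daily', 'truncate_sll');
-        }elseif( !$log_duration || 0 == $log_duration)
+        } elseif( !$log_duration || 0 == $log_duration)
         {
             $timestamp = wp_next_scheduled( 'truncate_sll' );
@@ -200,5 +200,6 @@
 
 
-    function deactivation(){
+    function deactivation()
+    {
         wp_clear_scheduled_hook('truncate_sll');
 
@@ -263,5 +264,5 @@
                         uid INT( 11 ) NOT NULL ,
                         user_login VARCHAR( 60 ) NOT NULL ,
-                        user_role VARCHAR( 30 ) NOT NULL ,
+                        user_role VARCHAR( 255 ) NOT NULL ,
                         time DATETIME DEFAULT '0000-00-00 00:00:00' NOT NULL ,
                         ip VARCHAR( 100 ) NOT NULL ,
@@ -285,5 +286,5 @@
     /**
     * Checks if the installed database version is the same as the db version of the current plugin
-    * calles the version specific function if upgrade is required
+    * calls the version specific function if upgrade is required
     */
     function update_db_check()
@@ -299,4 +300,7 @@
                     $this->db_update_1_2();
                     break;
+                case "1.3":
+                    $this->db_update_1_3();
+                    break;
             }
         }
@@ -368,4 +372,29 @@
         }
     }
+
+
+     function db_update_1_3()
+     {
+         /**
+          * modifies column data length for user_role
+          */
+         global $wpdb;
+
+         $sql = "SELECT * FROM {$this->table} LIMIT 1";
+         $fields = $wpdb->get_row($sql, 'ARRAY_A');
+
+         if( !$fields ){
+             $this->install();
+             return;
+         }
+
+         $sql = "ALTER TABLE {$this->table} MODIFY user_role varchar(255) NOT NULL;";
+         $insert = $wpdb->query( $sql );
+
+         //update version record if it has been updated
+         if( false !== $insert )
+             update_option( "sll_db_ver", $this->db_ver );
+
+     }
 
 
@@ -486,5 +515,5 @@
         {
             $user_role = esc_attr( $_GET['user_role'] );
-            $where['user_role'] = "user_role = '{$user_role}'";
+            $where['user_role'] = "user_role LIKE '%{$user_role}%'";
         }
         if( isset($_GET['result']) && '' != $_GET['result'] )
@@ -515,10 +544,21 @@
         global $wpdb;
 
+        $orderCol = array(
+            'uid' => 'uid',
+            'user_login' => 'user_login',
+            'time' => 'time',
+            'ip' => 'ip'
+        );
+        $orderDir = array(
+            'asc' => 'ASC',
+            'desc'=> 'DESC'
+        );
+
         $where = '';
 
+        $orderby = isset($orderCol[$orderby]) ? $orderCol[$orderby] : 'time';
+        $order   = isset($orderDir[$order]) ? $orderDir[$order] : 'DESC';
+
         $where = $this->make_where_query();
-
-        $orderby = (!isset($orderby) || $orderby == '') ? 'time' : $orderby;
-        $order = (!isset($order) || $order == '') ? 'DESC' : $order;
 
         if( is_array($where) && !empty($where) )
@@ -526,4 +566,6 @@
 
         $sql = "SELECT * FROM $this->table" . $where . " ORDER BY {$orderby} {$order} " . 'LIMIT ' . $limit . ' OFFSET ' . $offset;
+        var_dump($sql);
+
         $data = $wpdb->get_results($sql, 'ARRAY_A');
 
@@ -788,8 +830,15 @@
                     return;
 
+                global $wp_roles;
+
                 $user = new WP_User( $item['uid'] );
-                if ( !empty( $user->roles ) && is_array( $user->roles ) ) {
-                    foreach($user->roles as $role){
-                        $roles[] = "<a href='" . add_query_arg( array('user_role' => $role), menu_page_url('login_log', false) ) . "' title='" . __('Filter log by User Role', 'sll') . "'>{$role}</a>";
+                if ( !empty( $user->roles ) && is_array( $user->roles ) )
+                {
+                    foreach($user->roles as $role)
+                    {
+
+                        $roleName = isset($wp_roles->roles[$role]['name']) ? $wp_roles->roles[$role]['name'] : $role;
+
+                        $roles[] = "<a href='" . add_query_arg( array('user_role' => $role), menu_page_url('login_log', false) ) . "' title='" . __('Filter log by User Role', 'sll') . "'>{$roleName}</a>";
                     }
                     return implode(', ', $roles);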
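Review bot: The rewritten user_role filter at new line 517 still builds the WHERE fragment by string interpolation and relies on esc_attr(), which is an HTML-attribute escaper rather than SQL escaping, so the "sql injection" fix in this changeset covers ORDER BY (the whitelists at new lines 546–560) but not this clause. esc_attr() does HTML-encode a single quote, so the literal cannot be closed that way, but the LIKE wildcards `%` and `_` pass straight through and the escaping contract being depended on is the wrong one. Let the driver quote it: `$where['user_role'] = $wpdb->prepare( 'user_role LIKE %s', '%' . $wpdb->esc_like( $_GET['user_role'] ) . '%' );` — make_where_query() starts outside the hunk, so confirm `global $wpdb;` is declared there. Separately, the `var_dump($sql);` added at new line 568 prints the full query, including the filter values, into the page output and should be removed before release.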