Context Navigation

← Previous Changeset
Next Changeset →

Changeset 1660615

Timestamp:

05/19/2017 05:27:58 AM (9 years ago)

Author:

maxchirkov

Message:

Fixed: logins were not recorded due to (multiple) agent roles assigned to the same user a longer than 30 characters.
Fixed: sql injection vulnerability.

Location:

simple-login-log/trunk

Files:

: 2 edited

readme.txt (modified) (2 diffs)
simple-login-log.php (modified) (12 diffs)

Legend:

: Unmodified
: Added
: Removed

simple-login-log/trunk/readme.txt

-                      r1484117
+                      r1660615
 Tags: login, log, users
 Requires at least: 3.0
 Tested up to: 4.6
 Stable tag: 1.1.1
+Tested up to: 4.7.5
+Stable tag: 1.1.2
 This plugin keeps a log of WordPress user logins. Offers user and date filtering, and export features.
 …
 == Changelog ==
+**Version 1.1.2**
+- Fixed: logins were not recorded due to (multiple) agent roles assigned to the same user a longer than 30 characters.
+- Fixed: sql injection vulnerability.
 **Version 1.1.0**

simple-login-log/trunk/simple-login-log.php

-                      r1484117
+                      r1660615
   Description: This plugin keeps a log of WordPress user logins. Offers user filtering and export features.
   Author: Max Chirkov
   Version: 1.1.1
+  Version: 1.1.2
   Author URI: http://SimpleRealtyTheme.com
  */
 …
  class SimpleLoginLog
+ {
     private $db_ver = "1.2";
+    private $db_ver = "1.3";
     public $table = 'simple_login_log';
     private $log_duration = null; //days
 …
             $start = time();
             wp_schedule_event($start, 'daily', 'truncate_sll');
         }elseif( !$log_duration || 0 == $log_duration)
+        } elseif( !$log_duration || 0 == $log_duration)
+        {
             $timestamp = wp_next_scheduled( 'truncate_sll' );
 …
+    function deactivation(){
+    function deactivation()
+    {
         wp_clear_scheduled_hook('truncate_sll');
 …
                         uid INT( 11 ) NOT NULL ,
                         user_login VARCHAR( 60 ) NOT NULL ,
                         user_role VARCHAR( 30 ) NOT NULL ,
+                        user_role VARCHAR( 255 ) NOT NULL ,
                         time DATETIME DEFAULT '0000-00-00 00:00:00' NOT NULL ,
                         ip VARCHAR( 100 ) NOT NULL ,
 …
     /**
     * Checks if the installed database version is the same as the db version of the current plugin
     * calles the version specific function if upgrade is required
+    * calls the version specific function if upgrade is required
     */
     function update_db_check()
 …
                     $this->db_update_1_2();
                     break;
+                case "1.3":
+                    $this->db_update_1_3();
+                    break;
+            }
+        }
 …
+        }
+    }
+     function db_update_1_3()
+     {
+         /**
+          * modifies column data length for user_role
+          */
+         global $wpdb;
+         $sql = "SELECT * FROM {$this->table} LIMIT 1";
+         $fields = $wpdb->get_row($sql, 'ARRAY_A');
+         if( !$fields ){
+             $this->install();
+             return;
+         }
+         $sql = "ALTER TABLE {$this->table} MODIFY user_role varchar(255) NOT NULL;";
+         $insert = $wpdb->query( $sql );
+         //update version record if it has been updated
+         if( false !== $insert )
+             update_option( "sll_db_ver", $this->db_ver );
+     }
 …
+        {
             $user_role = esc_attr( $_GET['user_role'] );
             $where['user_role'] = "user_role = '{$user_role}'";
+            $where['user_role'] = "user_role LIKE '%{$user_role}%'";
+        }
         if( isset($_GET['result']) && '' != $_GET['result'] )
 …
         global $wpdb;
+        $orderCol = array(
+            'uid' => 'uid',
+            'user_login' => 'user_login',
+            'time' => 'time',
+            'ip' => 'ip'
+        );
+        $orderDir = array(
+            'asc' => 'ASC',
+            'desc'=> 'DESC'
+        );
         $where = '';
+        $orderby = isset($orderCol[$orderby]) ? $orderCol[$orderby] : 'time';
+        $order   = isset($orderDir[$order]) ? $orderDir[$order] : 'DESC';
         $where = $this->make_where_query();
-        $orderby = (!isset($orderby) || $orderby == '') ? 'time' : $orderby;
-        $order = (!isset($order) || $order == '') ? 'DESC' : $order;
         if( is_array($where) && !empty($where) )
 …
         $sql = "SELECT * FROM $this->table" . $where . " ORDER BY {$orderby} {$order} " . 'LIMIT ' . $limit . ' OFFSET ' . $offset;
+        var_dump($sql);
         $data = $wpdb->get_results($sql, 'ARRAY_A');
 …
                     return;
+                global $wp_roles;
                 $user = new WP_User( $item['uid'] );
+                if ( !empty( $user->roles ) && is_array( $user->roles ) ) {
+                    foreach($user->roles as $role){
+                        $roles[] = "<a href='" . add_query_arg( array('user_role' => $role), menu_page_url('login_log', false) ) . "' title='" . __('Filter log by User Role', 'sll') . "'>{$role}</a>";
+                if ( !empty( $user->roles ) && is_array( $user->roles ) )
+                {
+                    foreach($user->roles as $role)
+                    {
+                        $roleName = isset($wp_roles->roles[$role]['name']) ? $wp_roles->roles[$role]['name'] : $role;
+                        $roles[] = "<a href='" . add_query_arg( array('user_role' => $role), menu_page_url('login_log', false) ) . "' title='" . __('Filter log by User Role', 'sll') . "'>{$roleName}</a>";
+                    }
                     return implode(', ', $roles);

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory

Context Navigation

Changeset 1660615

Legend:

simple-login-log/trunk/readme.txt

simple-login-log/trunk/simple-login-log.php

Download in other formats: