diff --git a/class/MainWPChild.class.php b/class/MainWPChild.class.php index 4c8526e..be7a294 100644 --- a/class/MainWPChild.class.php +++ b/class/MainWPChild.class.php @@ -731,7 +731,7 @@ class MainWPChild $auth = (md5($func . $nonce . get_option('mainwp_child_nossl_key')) == base64_decode($signature)); } else - { + { $auth = openssl_verify($func . $nonce, base64_decode($signature), base64_decode(get_option('mainwp_child_pubkey'))); } } @@ -1362,11 +1362,14 @@ class MainWPChild $extra = $_POST['extra']; $userId = $_POST['id']; $user_pass = $_POST['user_pass']; - + + global $current_user; + $reassign = (isset($current_user) && isset($current_user->ID)) ? $current_user->ID : 0; + if ($action == 'delete') { include_once(ABSPATH . '/wp-admin/includes/user.php'); - wp_delete_user($userId); + wp_delete_user($userId, $reassign); } else if ($action == 'changeRole') { @@ -3042,7 +3045,7 @@ class MainWPChild $out['slug'] = $pluginslug; $out['description'] = $plugin['Description']; $out['version'] = $plugin['Version']; - $out['active'] = (is_array($active_plugins) && in_array($pluginslug, $active_plugins)) ? 1 : 0; + $out['active'] = (is_array($active_plugins) && in_array($pluginslug, $active_plugins)) ? 1 : 0; if (!$filter) { $rslt[] = $out; diff --git a/class/MainWPClientReport.class.php b/class/MainWPClientReport.class.php index f09a342..c425f64 100644 --- a/class/MainWPClientReport.class.php +++ b/class/MainWPClientReport.class.php @@ -2,8 +2,8 @@ class MainWPClientReport { - public static $instance = null; - + public static $instance = null; + static function Instance() { if (MainWPClientReport::$instance == null) { MainWPClientReport::$instance = new MainWPClientReport(); 
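Review bot: In the `@@ -1362` hunk, `$reassign` falls back to `0` when `$current_user` is not set, and that `0` is still passed to `wp_delete_user($userId, $reassign)`. As far as I know, wp_delete_user() treats any non-null reassign value as a target user ID, so the deleted user's content would be reassigned to author 0 instead of being removed as before; the case where the deleted user is the current user also looks unhandled. I would fall back to null, `$reassign = (isset($current_user) && !empty($current_user->ID) && $current_user->ID != $userId) ? (int) $current_user->ID : null;`. `$userId` is taken straight from `$_POST['id']`, so an `intval()` before the call is worth adding too. The enclosing function starts and ends outside the hunk.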
@@ -42,10 +42,18 @@ class MainWPClientReport public function action() { $information = array(); - if (!function_exists('wp_stream_query')) { + if (!function_exists('wp_stream_query') || !class_exists('WP_Stream') ) { $information['error'] = 'NO_STREAM'; MainWPHelper::write($information); - } + } + + if (version_compare(WP_Stream::VERSION, '2.0.0', '>=') && function_exists('WP_Stream::is_connected')) { + if (!WP_Stream::is_connected()) { + $information['error'] = 'NOT_CONNECT_STREAM'; + MainWPHelper::write($information); + } + } + if (isset($_POST['mwp_action'])) { switch ($_POST['mwp_action']) { case "save_sucuri_stream": @@ -111,7 +119,7 @@ class MainWPClientReport unset($_POST['sections']); unset($_POST['other_tokens']); - $args = array(); + $args = array(); foreach ( $allowed_params as $param ) { $paramval = wp_stream_filter_input( INPUT_POST, $param ); if ( $paramval || '0' === $paramval ) { 
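Review bot: `function_exists('WP_Stream::is_connected')` in the `@@ -42` hunk can never be true, because function_exists() only looks up plain functions and not static methods, so the `NOT_CONNECT_STREAM` branch is dead code. Use `method_exists('WP_Stream', 'is_connected')` or `is_callable(array('WP_Stream', 'is_connected'))` instead. If `MainWPHelper::write()` does not end the request (its body is not visible here), the following `WP_Stream::VERSION` access will fatal when the class is missing, so an explicit `return;` after the `NO_STREAM` write would make the ordering safe. `action()` continues outside the hunk.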
@@ -123,18 +131,38 @@ class MainWPClientReport if (!in_array($arg, $allowed_params)) { unset($args[$arg]); } - } - if (isset($args['date_from'])) - $args['date_from'] = date("Y-m-d H:i:s", $args['date_from']); + } - if (isset($args['date_to'])) - $args['date_to'] = date("Y-m-d H:i:s", $args['date_to']); + $args['action__not_in'] = array('login'); - $args['records_per_page'] = -1; + if (self::is_version_2()) { + if (isset($args['date_from'])) + $args['date_from'] = date("Y-m-d", $args['date_from']); + + if (isset($args['date_to'])) + $args['date_to'] = date("Y-m-d", $args['date_to']); + } else { + $args['fields'] = 'with-meta'; + if (isset($args['date_from'])) + $args['date_from'] = date("Y-m-d H:i:s", $args['date_from']); + + if (isset($args['date_to'])) + $args['date_to'] = date("Y-m-d H:i:s", $args['date_to']); + } + + $args['records_per_page'] = 9999; +// error_log(print_r($args, true)); + + $records = wp_stream_query( $args ); + +// if (count($records) > 0) +// error_log(print_r($records, true)); +// else +// error_log("=============="); - $records = wp_stream_query( $args ); if (!is_array($records)) $records = array(); + //return $records; //$other_tokens_data = $this->get_other_tokens_data($records, $other_tokens); 
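Review bot: `$args['records_per_page'] = 9999;` in the `@@ -123` hunk replaces the unlimited `-1` with a hard cap, so a site with more matching records in the date range would get silently truncated report counts. If the cap is required by the newer Stream query API, say so next to it, e.g. `// newer Stream versions do not accept -1; counts above 9999 are truncated`. The commented-out `error_log(print_r($args, true))` and `error_log(print_r($records, true))` lines should be removed before merging; if re-enabled they would write the full activity records to the server error log.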
@@ -152,29 +180,136 @@ class MainWPClientReport $sections_data = array(); - if (isset($sections['header']) && is_array($sections['header'])) { - foreach($sections['header'] as $sec => $tokens) { - $sections_data['header'][$sec] = $this->get_section_loop_data($records, $tokens, $sec); + if (isset($sections['header']) && is_array($sections['header']) && !empty($sections['header'])) { + foreach($sections['header']['section_token'] as $index => $sec) { + $tokens = $sections['header']['section_content_tokens'][$index]; + $sections_data['header'][$index] = $this->get_section_loop_data($records, $tokens, $sec); } } - if (isset($sections['body']) && is_array($sections['body'])) { - foreach($sections['body'] as $sec => $tokens) { - $sections_data['body'][$sec] = $this->get_section_loop_data($records, $tokens, $sec); + if (isset($sections['body']) && is_array($sections['body']) && !empty($sections['body'])) { + foreach($sections['body']['section_token'] as $index => $sec) { + $tokens = $sections['body']['section_content_tokens'][$index]; + $sections_data['body'][$index] = $this->get_section_loop_data($records, $tokens, $sec); } } - if (isset($sections['footer']) && is_array($sections['footer'])) { - foreach($sections['footer'] as $sec => $tokens) { - $sections_data['footer'][$sec] = $this->get_section_loop_data($records, $tokens, $sec); + if (isset($sections['footer']) && is_array($sections['footer']) && !empty($sections['footer'])) { + foreach($sections['footer'] as $index => $sec) { + $tokens = $sections['footer']['section_content_tokens'][$index]; + $sections_data['footer'][$index] = $this->get_section_loop_data($records, $tokens, $sec); } } $information = array('other_tokens_data' => $other_tokens_data, - 'sections_data' => $sections_data ); + 'sections_data' => $sections_data ); return $information; } function get_other_tokens_data($records, $tokens) { + if (self::is_version_2()) { + return $this->get_other_tokens_data_two($records, $tokens); + } + + 
$convert_context_name = array( + "comment" => "comments", + "plugin" => "plugins", + "profile" => "profiles", + "session" => "sessions", + "setting" => "settings", + "setting" => "settings", + "theme" => "themes", + "posts" => "post", + "pages" => "page", + "user" => "users", + "widget" => "widgets", + "menu" => "menus", + "backups" => "mainwp_backups", + "backup" => "mainwp_backups", + "sucuri" => "mainwp_sucuri", + ); + + $convert_action_name = array( + "restored" => "untrashed", + "spam" => "spammed", + "backups" => "mainwp_backup", + "backup" => "mainwp_backup" + ); + + $allowed_data = array( + 'count' + ); + + $token_values = array(); + + if (!is_array($tokens)) + $tokens = array(); + + foreach ($tokens as $token) { + $str_tmp = str_replace(array('[', ']'), "", $token); + $array_tmp = explode(".", $str_tmp); + + if (is_array($array_tmp)) { + $context = $action = $data = ""; + if (count($array_tmp) == 2) { + list($context, $data) = $array_tmp; + } else if (count($array_tmp) == 3) { + list($context, $action, $data) = $array_tmp; + } + + $context = isset($convert_context_name[$context]) ? 
$convert_context_name[$context] : $context; + if (isset($convert_action_name[$action])) { + $action = $convert_action_name[$action]; + } + + switch ($data) { + case "count": + $count = 0; + foreach ($records as $record) { + if ($context == "themes" && $action == "edited") { + if ($record->action !== "updated" || $record->connector !== "editor") + continue; + } else if ($context == "users" && $action == "updated") { + if ($record->context !== "profiles" || $record->connector !== "users") + continue; + } else if ($context == "mainwp_backups") { + if ($record->context !== "mainwp_backups") { + continue; + } + } else if ($context == "mainwp_sucuri") { + if ($record->context !== "mainwp_sucuri") { + continue; + } + } else { + if ($action != $record->action) + continue; + + if ($context == "comments" && $record->context != "page" && $record->context != "post") + continue; + else if ($context == "media" && $record->connector != "media") + continue; + else if ($context == "widgets" && $record->connector != "widgets") + continue; + else if ($context == "menus" && $record->connector != "menus") + continue; + + if ($context !== "comments" && $context !== "media" && + $context !== "widgets" && $context !== "menus" && + $record->context != $context) + continue; + } + + $count++; + } + $token_values[$token] = $count; + break; + } + } + } + return $token_values; + } + + function get_other_tokens_data_two($records, $tokens) { + $convert_context_name = array( "comment" => "comments", "plugin" => "plugins", 
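Review bot: The footer loop in the `@@ -152` hunk iterates `$sections['footer']` itself, while the header and body loops iterate `['section_token']`. `$index` therefore becomes the string keys `section_token` / `section_content_tokens`, `$sec` is an array, and `$sections['footer']['section_content_tokens'][$index]` is undefined. It should read `foreach($sections['footer']['section_token'] as $index => $sec) {`. All three loops also assume both sub-keys exist in `$sections`, which appears to come from the request (`$_POST['sections']` is unset earlier), and `!empty()` does not guarantee that; a guard such as `isset($sections['header']['section_token']) && is_array($sections['header']['section_token'])` would be safer. Separately, `$convert_context_name` lists `"setting" => "settings"` twice.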
@@ -230,7 +365,10 @@ class MainWPClientReport case "count": $count = 0; foreach ($records as $record) { - if ($context == "themes" && $action == "edited") { + if ($context == "plugins" && $action == "edited") { + if ($record->action !== "updated" || $record->connector !== "editor") + continue; + } else if ($context == "themes" && $action == "edited") { if ($record->action !== "updated" || $record->connector !== "editor") continue; } else if ($context == "users" && $action == "updated") { @@ -261,8 +399,7 @@ class MainWPClientReport $context !== "widgets" && $context !== "menus" && $record->context != $context) continue; - } - + } $count++; } $token_values[$token] = $count; @@ -273,6 +410,7 @@ class MainWPClientReport return $token_values; } + function get_section_loop_data($records, $tokens, $section) { $convert_context_name = array( @@ -326,8 +464,21 @@ class MainWPClientReport $loop_count = 0; foreach ($records as $record) { - $theme_edited = $users_updated = false; - if ($context == "themes" && $action == "edited") { + $theme_edited = $users_updated = $plugin_edited = false; + + if (self::is_version_2()) { + if ($context == "plugins" && $action == "edited") { + if ($record->action !== "updated" || $record->connector !== "editor") + continue; + else { + $plugin_edited = true; + } + } + } + + if($plugin_edited) { + // ok next + } else if ($context == "themes" && $action == "edited") { if ($record->action !== "updated" || $record->connector !== "editor") continue; else @@ -387,7 +538,7 @@ class MainWPClientReport if ($data == "version") { if ($str2 == "old") $data = "old_version"; - else if ($str2 == "current") + else if ($str2 == "current" && $str1 == "wordpress") $data = "new_version"; } } @@ -401,7 +552,7 @@ class MainWPClientReport break; case "area": $data = "sidebar_name"; - $token_values[$token] = $this->get_stream_meta_data($record->ID, $data); + $token_values[$token] = $this->get_stream_meta_data($record, $data); break; case "name": case "version": 
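Review bot: The new `plugins`/`edited` branch in the `@@ -230` hunk applies exactly the same test as the `themes`/`edited` branch after it (`action` is `updated` and `connector` is `editor`) and never looks at `$record->context`. Unless the query already narrows records elsewhere, the plugin-edited and theme-edited tokens will both count every editor update. Which record field distinguishes the two is not visible here and needs checking against Stream's editor connector. The same applies to the `$plugin_edited` block in the `@@ -326` hunk, where the empty `if($plugin_edited) { // ok next }` branch could be folded into the chain as `else if (self::is_version_2() && $context == "plugins" && $action == "edited")`.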
@@ -412,10 +563,13 @@ class MainWPClientReport if ($data == "name") { if ($theme_edited) $data = "theme_name"; - else if ($users_updated) { + else if ($plugin_edited) { + $data = "plugin_name"; + } else if ($users_updated) { $data = "display_name"; } - } + } + if ($data == "roles" && $users_updated) { $user_info = get_userdata($record->object_id); if ( !( is_object( $user_info ) && is_a( $user_info, 'WP_User' ) ) ) { @@ -425,7 +579,7 @@ class MainWPClientReport } $token_values[$token] = $roles; } else { - $token_values[$token] = $this->get_stream_meta_data($record->ID, $data); + $token_values[$token] = $this->get_stream_meta_data($record, $data); } break; case "title": @@ -434,28 +588,28 @@ class MainWPClientReport else if ($record->connector == "menus") { $data = "name"; } - $token_values[$token] = $this->get_stream_meta_data($record->ID, $data); + $token_values[$token] = $this->get_stream_meta_data($record, $data); break; case "author": $data = "author_meta"; - $token_values[$token] = $this->get_stream_meta_data($record->ID, $data); + $token_values[$token] = $this->get_stream_meta_data($record, $data); break; case "status": // sucuri cases case "webtrust": if ($context == "mainwp_sucuri") { - $token_values[$token] = $this->get_stream_meta_data($record->ID, $data); + $token_values[$token] = $this->get_stream_meta_data($record, $data); } else $token_values[$token] = $token; break; case "destination": // backup cases case "type": if ($context == "mainwp_backups") { - $token_values[$token] = $this->get_stream_meta_data($record->ID, $data); + $token_values[$token] = $this->get_stream_meta_data($record, $data); } else $token_values[$token] = $token; break; default: - $token_values[$token] = $token; + $token_values[$token] = "N/A"; break; } 
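Review bot: The `default` case in the `@@ -434` hunk now yields `"N/A"`, but the `status`/`webtrust` and `destination`/`type` cases still return the raw `$token` when the context does not match. An unresolved token therefore renders as `N/A` in one place and as the literal token text in another. If `N/A` is the intended placeholder, the two `else $token_values[$token] = $token;` lines should become `else $token_values[$token] = "N/A";` as well. The switch begins outside the hunk.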
@@ -469,32 +623,60 @@ class MainWPClientReport return $loops; } - function get_stream_meta_data($record_id, $data) { + public static function is_version_2() { + return version_compare(WP_Stream::VERSION, '2.0.0', '>='); + } + + function get_stream_meta_data($record, $data) { + + if (empty($record)) + return ""; + + if (self::is_version_2()) + return $this->get_stream_meta_data_two($record, $data); + + $record_id = $record->ID; $meta_key = $data; - - global $wpdb; - - if (class_exists('WP_Stream_Install')) - $prefix = WP_Stream_Install::$table_prefix; - else - $prefix = $wpdb->prefix; - - $sql = "SELECT meta_value FROM {$prefix}stream_meta WHERE record_id = " . $record_id . " AND meta_key = '" . $meta_key . "'"; - $meta = $wpdb->get_row( $sql ); - $value = ""; - if (!empty($meta)) { - $value = $meta->meta_value; - if ($meta_key == "author_meta") { - $value = unserialize($value); - $value = $value['display_name']; - } + + if (isset($record->meta)) { + $meta = $record->meta; + if (isset($meta[$meta_key])) { + $value = $meta[$meta_key]; + $value = current($value); + if ($meta_key == "author_meta") { + $value = unserialize($value); + $value = $value['display_name']; + } + + } } return $value; } + function get_stream_meta_data_two($record, $data) { + $meta_key = $data; + $stream_meta = $author_meta = false; + + if (is_object($record)) { + if (isset($record->stream_meta)) + $stream_meta = $record->stream_meta; + if (isset($record->author_meta)) + $author_meta = $record->author_meta; + } + $value = ""; + if ($meta_key == "author_meta") { + if (is_object($author_meta) && isset($author_meta->display_name)) + $value = $author_meta->display_name; + } else if (is_object($stream_meta) && isset($stream_meta->{$meta_key})){ + $value = $stream_meta->{$meta_key}; + } + + return $value; + } + function set_showhide() { MainWPHelper::update_option('mainwp_creport_ext_branding_enabled', "Y"); $hide = isset($_POST['showhide']) && ($_POST['showhide'] === "hide") ? 'hide' : ""; 
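Review bot: The rewritten `get_stream_meta_data()` still runs `unserialize($value)` on the stored `author_meta` value and then indexes `$value['display_name']` without checking the result. Dropping the concatenated SQL is an improvement, but unserialize() on activity-log data can instantiate arbitrary classes if that meta value was ever influenced by a user-controlled field, and it returns false on malformed input. I would use `$value = maybe_unserialize($value); $value = (is_array($value) && isset($value['display_name'])) ? $value['display_name'] : "";`, and where the minimum PHP version allows it, `unserialize($value, array('allowed_classes' => false))`. `is_version_2()` also reads `WP_Stream::VERSION` with no `class_exists('WP_Stream')` guard, which will fatal for any caller that runs before Stream is loaded.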
diff --git a/class/MainWPHeatmapTracker.class.php b/class/MainWPHeatmapTracker.class.php index 4bc3b57..dd11286 100644 --- a/class/MainWPHeatmapTracker.class.php +++ b/class/MainWPHeatmapTracker.class.php @@ -204,7 +204,8 @@ class MainWPHeatmapTracker return false; $timestamp = time(); $signature = $this->createSignature($key, $timestamp, $clickData); - $request = wp_remote_post($url, array( + + $params = array( 'headers' => array( 'Referer' => site_url() ), @@ -213,8 +214,14 @@ class MainWPHeatmapTracker 'signature' => $signature, 'data' => base64_encode(serialize($clickData)), 'action' => 'heatmapSendClick' - ) - )); + ) + ); + + if (strpos($url, "https://") === 0) + $params['sslverify'] = FALSE; + + $request = wp_remote_post($url, $params); + if ( is_array($request) && intval($request['body']) > 0 ) delete_option('mainwp_child_click_data'); } @@ -349,7 +356,8 @@ class MainWPHeatmapTracker $key = get_option('mainwp_child_pubkey'); $timestamp = time(); $signature = $this->createSignature($key, $timestamp, $data); - $request = wp_remote_post($url, array( + + $params = array( 'headers' => array( 'Referer' => site_url() ), @@ -359,8 +367,13 @@ class MainWPHeatmapTracker 'data' => base64_encode(serialize($data)), 'action' => 'heatmapGetClickData' ), - 'timeout' => 60 - )); + 'timeout' => 60 + ); + + if (strpos($url, "https://") === 0) + $params['sslverify'] = FALSE; + + $request = wp_remote_post($url, $params); if ( is_array($request) ) { diff --git a/class/MainWPHelper.class.php b/class/MainWPHelper.class.php index 13c5d73..48635f6 100644 --- a/class/MainWPHelper.class.php +++ b/class/MainWPHelper.class.php 
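Review bot: Setting `$params['sslverify'] = FALSE` for every `https://` URL, in both the `@@ -204` and `@@ -349` hunks, turns off certificate validation exactly where TLS is in use. The signed click data, and the response body that triggers `delete_option('mainwp_child_click_data')`, can then be read or forged by anyone on the network path. If this is a workaround for dashboards with self-signed certificates, make it opt-in and keep verification on by default, e.g. `if (get_option('<placeholder_option_name>') === 'Y') $params['sslverify'] = false;`. A comment stating why verification is being relaxed would also help whoever audits this later.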
@@ -148,18 +148,18 @@ class MainWPHelper try { - $downloadfile = MainWPHelper::uploadImage($originalImgUrl); - $localUrl = $downloadfile['url']; - $linkToReplaceWith = dirname($localUrl); - if ($hrefLink != '') - { - $lnkToReplace = dirname($hrefLink); - if ($lnkToReplace != 'http:' && $lnkToReplace != 'https:') $new_post['post_content'] = str_replace($lnkToReplace, $linkToReplaceWith, $new_post['post_content']); - } - - $lnkToReplace = dirname($imgUrl); + $downloadfile = MainWPHelper::uploadImage($originalImgUrl); + $localUrl = $downloadfile['url']; + $linkToReplaceWith = dirname($localUrl); + if ($hrefLink != '') + { + $lnkToReplace = dirname($hrefLink); if ($lnkToReplace != 'http:' && $lnkToReplace != 'https:') $new_post['post_content'] = str_replace($lnkToReplace, $linkToReplaceWith, $new_post['post_content']); } + + $lnkToReplace = dirname($imgUrl); + if ($lnkToReplace != 'http:' && $lnkToReplace != 'https:') $new_post['post_content'] = str_replace($lnkToReplace, $linkToReplaceWith, $new_post['post_content']); + } catch (Exception $e) { diff --git a/class/MainWPStreamConnectorBackups.class.php b/class/MainWPStreamConnectorBackups.class.php index 3cc6824..98c6a8c 100644 --- a/class/MainWPStreamConnectorBackups.class.php +++ b/class/MainWPStreamConnectorBackups.class.php 
@@ -64,14 +64,23 @@ if (class_exists('WP_Stream_Connector')) { return $links; } - public static function callback_mainwp_backup($destination, $message, $size, $status, $type) { - self::log( - $message, - compact('destination', 'status', 'type', 'size'), - 0, - array( 'mainwp_backups' => 'mainwp_backup' ) - ); - + public static function callback_mainwp_backup($destination, $message, $size, $status, $type) { + if (MainWPClientReport::is_version_2()) { + self::log( + $message, + compact('destination', 'status', 'type', 'size'), + 0, + 'mainwp_backups', + 'mainwp_backup' + ); + } else { + self::log( + $message, + compact('destination', 'status', 'type', 'size'), + 0, + array( 'mainwp_backups' => 'mainwp_backup' ) + ); + } } } } diff --git a/class/MainWPStreamConnectorSucuri.class.php b/class/MainWPStreamConnectorSucuri.class.php index 5c186a9..f46d2a3 100644 --- a/class/MainWPStreamConnectorSucuri.class.php +++ b/class/MainWPStreamConnectorSucuri.class.php @@ -82,12 +82,22 @@ if (class_exists('WP_Stream_Connector')) { $webtrust = isset($scan_result['webtrust']) ? $scan_result['webtrust'] : ""; } - self::log( - $message, - compact('scan_status', 'status', 'webtrust'), - 0, - array( 'mainwp_sucuri' => 'mainwp_sucuri_scan' ) - ); + if (MainWPClientReport::is_version_2()) { + self::log( + $message, + compact('scan_status', 'status', 'webtrust'), + 0, + 'mainwp_sucuri', + 'mainwp_sucuri_scan' + ); + } else { + self::log( + $message, + compact('scan_status', 'status', 'webtrust'), + 0, + array( 'mainwp_sucuri' => 'mainwp_sucuri_scan' ) + ); + } } } } diff --git a/mainwp-child.php b/mainwp-child.php index 061466c..1eb21b8 100644 --- a/mainwp-child.php +++ b/mainwp-child.php 
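Review bot: `callback_mainwp_backup()` now calls `MainWPClientReport::is_version_2()`, which reads `WP_Stream::VERSION`, but this file is guarded only by `class_exists('WP_Stream_Connector')`. If the connector class can be defined without `WP_Stream`, or `MainWPClientReport` is not loaded when the callback fires, this will fatal; that is worth confirming, or guarding inside `is_version_2()` with `class_exists('WP_Stream') &&`. The two `self::log()` calls differ only in the trailing context/action arguments, and the same duplication appears in the Sucuri connector hunk (`@@ -82`). A one-line comment such as `// Stream 2.x takes context and action as separate arguments` would explain the split.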
@@ -5,7 +5,7 @@ Description: Child Plugin for MainWP. The plugin is used so the installed blog can be securely managed remotely by your network. Plugin documentation and options can be found here http://docs.mainwp.com Author: MainWP Author URI: http://mainwp.com - Version: 1.4-beta2 + Version: 1.4-beta3 */ header('X-Frame-Options: ALLOWALL'); //header('X-Frame-Options: GOFORIT');