Merge pull request #460 from CleanTalk/release_2.149
Release 2.149
AntonV1211 authored Jan 13, 2025
2 parents dc6a945 + 87ec6dd commit 158b6f4
Showing 35 changed files with 1,564 additions and 376 deletions.
2 changes: 1 addition & 1 deletion css/spbc-settings.min.css


1 change: 1 addition & 0 deletions css/src/spbc-settings.css
Expand Up @@ -55,6 +55,7 @@

.spbc---gray{color: gray;}
.spbc---red{color: red;}
.spbc---green{color: #037603;}

.spbc_bold{font-weight: 800;}

102 changes: 83 additions & 19 deletions inc/spbc-admin.php
Expand Up @@ -5,6 +5,8 @@
use CleantalkSP\SpbctWP\LinkConstructor;
use CleantalkSP\SpbctWP\Scanner\Cure;
use CleantalkSP\SpbctWP\Escape;
use CleantalkSP\SpbctWP\SpbcEnqueue;
use CleantalkSP\SpbctWP\VulnerabilityAlarm\VulnerabilityAlarmService;
use CleantalkSP\Variables\Post;
use CleantalkSP\Variables\Server;
use CleantalkSP\SpbctWP\Firewall\WAF;
Expand Down Expand Up @@ -73,6 +75,7 @@ function spbc_admin_init()

// Scanner
add_action('wp_ajax_spbc_scanner_controller_front', array(ScannerQueue::class, 'controllerFront'));
add_action('wp_ajax_spbc_scanner_load_more_scan_logs', 'spbc_scanner_load_more_scan_logs');
add_action('wp_ajax_spbc_scanner_save_to_pdf', 'spbc_scanner_save_to_pdf');
add_action('wp_ajax_spbc_scanner_get_pdf_file_name', 'spbc_scanner_get_pdf_file_name');
add_action('wp_ajax_spbc_scanner_clear', 'spbc_scanner_clear'); // Debug. Clear the table
Expand Down Expand Up @@ -222,6 +225,46 @@ function spbc_plugin_list_show_vulnerability($plugin_file, $plugin_data, $_statu

if (isset($spbc->settings['vulnerability_check__show_reports']) && $spbc->settings['vulnerability_check__show_reports'] == true) {
add_filter('plugins_api_result', 'spbc_plugin_install_show_safety', 10, 3);
add_filter('plugin_row_meta', 'spbc_plugin_list_show_safety', 10, 3);
}

/**
* Show safety link for plugins
* @param array $links
* @param string $file
* @param array $plugin_data
* @return array
* @psalm-suppress UnusedParam
*/
function spbc_plugin_list_show_safety($links, $file, $plugin_data)
{
global $spbc;

if (!isset($plugin_data, $plugin_data['slug'], $plugin_data['Version'])) {
return $links;
}

$slug = $plugin_data['slug'];
$version = $plugin_data['Version'];

$report = VulnerabilityAlarmService::getItemReportStatic($slug, $version, true, false);

$do_show = (
isset($spbc->settings['vulnerability_check__show_reports']) &&
$spbc->settings['vulnerability_check__show_reports'] == true
);

if ($do_show && isset($report, $report->psc, $report->id, $slug)) {
$links[] = sprintf(
'<a href="https://research.cleantalk.org/reports/app/%s#%s" target="_blank" title="%s">%s</a>',
$slug,
$report->id,
$report->psc,
__('Security certified plugin', 'security-malware-firewall')
);
}

return $links;
}

function spbc_plugin_install_show_safety($res, $action, $_args)
Expand Down Expand Up @@ -412,11 +455,11 @@ function spbc_enqueue_scripts($hook)
global $spbc;

// For ALL admin pages
wp_enqueue_style('spbc_admin_css', SPBC_PATH . '/css/spbc-admin.min.css', array(), SPBC_VERSION, 'all');
wp_enqueue_style('spbc-icons', SPBC_PATH . '/css/spbc-icons.min.css', array(), SPBC_VERSION, 'all');
wp_enqueue_script('spbc-common-js', SPBC_PATH . '/js/spbc-common.min.js', array('jquery'), SPBC_VERSION, false);
wp_enqueue_script('spbc-admin-js', SPBC_PATH . '/js/spbc-admin.min.js', array('jquery'), SPBC_VERSION, false);
wp_enqueue_script('spbc-react-bundle-js', SPBC_PATH . '/js/spbc-react-bundle.js', array('wp-i18n'), SPBC_VERSION, ['in_footer']);
SpbcEnqueue::getInstance()->css('spbc-admin.css');
SpbcEnqueue::getInstance()->css('spbc-icons.css');
SpbcEnqueue::getInstance()->js('spbc-common.js', array('jquery'));
SpbcEnqueue::getInstance()->js('spbc-admin.js', array('jquery'));
SpbcEnqueue::getInstance()->js('spbc-react-bundle.js', array('wp-i18n'), ['in_footer']);
wp_set_script_translations('spbc-react-bundle-js', 'security-malware-firewall');

$vulnerability_show_install = (
Expand Down Expand Up @@ -452,9 +495,10 @@ function spbc_enqueue_scripts($hook)
),
));

wp_enqueue_script('spbc_cookie', SPBC_PATH . '/js/spbc-cookie.min.js', array('jquery'), SPBC_VERSION, false /*in header*/);
SpbcEnqueue::getInstance()->js('spbc-cookie.js', array('jquery'));

wp_localize_script(
'spbc_cookie',
'spbc-cookie-js',
'spbcPublic',
array (
'_ajax_nonce' => wp_create_nonce('ct_secret_stuff'),
Expand All @@ -469,12 +513,19 @@ function spbc_enqueue_scripts($hook)
);

if ($spbc->settings['upload_checker__file_check'] && in_array($hook, array('upload.php', 'media-new.php'))) {
wp_enqueue_script('spbc-upload-js', SPBC_PATH . '/js/spbc-upload.min.js', array('jquery'), SPBC_VERSION, false);
SpbcEnqueue::getInstance()->js('spbc-upload.js', array('jquery'));
}

// Load UI (modal window) for profile pages
if ($hook === 'profile.php' || $hook === 'user-edit.php') {
wp_enqueue_style('jquery-ui', SPBC_PATH . '/css/jquery-ui.min.css', array(), '1.12.1', 'all'); // JS
SpbcEnqueue::getInstance()->custom(
'jquery-ui',
SPBC_PATH . '/css/jquery-ui.min.css',
array(),
'1.12.1',
null,
'all'
);
wp_enqueue_script('jquery-ui-dialog');
}

Expand All @@ -493,23 +544,36 @@ function spbc_enqueue_scripts($hook)
$actions_modified = $button_template_approve . $button_template_replace . $button_template_compare . $button_template_view_bad;

// CSS
wp_enqueue_style('spbc-settings', SPBC_PATH . '/css/spbc-settings.min.css', array(), SPBC_VERSION, 'all');
wp_enqueue_style('spbc-settings-media', SPBC_PATH . '/css/spbc-settings-media.min.css', array(), SPBC_VERSION, 'all');
wp_enqueue_style('spbc-table', SPBC_PATH . '/css/spbc-table.min.css', array(), SPBC_VERSION, 'all');
SpbcEnqueue::getInstance()->css('spbc-settings.css');
SpbcEnqueue::getInstance()->css('spbc-settings-media.css');
SpbcEnqueue::getInstance()->css('spbc-table.css');
wp_deregister_style('jquery-ui-style');
wp_enqueue_style('jquery-ui', SPBC_PATH . '/css/jquery-ui.min.css', array(), '1.12.1', 'all');

SpbcEnqueue::getInstance()->custom(
'jquery-ui',
SPBC_PATH . '/css/jquery-ui.min.css',
array(),
'1.12.1',
null,
'all'
);
// JS
wp_enqueue_script('jquery-ui', SPBC_PATH . '/js/jquery-ui.min.js', array('jquery'), '1.13.1', true);
wp_enqueue_script('spbc-settings-js', SPBC_PATH . '/js/spbc-settings.min.js', array('jquery'), SPBC_VERSION, true);
wp_enqueue_script('spbc-table-js', SPBC_PATH . '/js/spbc-table.min.js', array('jquery'), SPBC_VERSION, true);
wp_enqueue_script('spbc-scanner-plugin-js', SPBC_PATH . '/js/spbc-scanner-plugin.min.js', array('jquery'), SPBC_VERSION, true);
SpbcEnqueue::getInstance()->custom(
'jquery-ui',
SPBC_PATH . '/js/jquery-ui.min.js',
array('jquery'),
'1.13.1',
true,
null
);
SpbcEnqueue::getInstance()->js('spbc-settings.js', array('jquery'), true);
SpbcEnqueue::getInstance()->js('spbc-table.js', array('jquery'), true);
SpbcEnqueue::getInstance()->js('spbc-scanner-plugin.js', array('jquery'), true);

wp_localize_script('spbc-table-js', 'spbcTableLocalize', array(
'scannerIsActive' => esc_html__('Scanner is active for now. Try later.', 'security-malware-firewall'),
));

wp_enqueue_script('spbc-modal', SPBC_PATH . '/js/spbc-modal.min.js', array('jquery'), SPBC_VERSION, true);
SpbcEnqueue::getInstance()->js('spbc-modal.js', array('jquery'), true);

wp_localize_script('spbc-settings-js', 'spbcSettingsSecLogs', array(
'amount' => SPBC_LAST_ACTIONS_TO_VIEW,
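Review bot: In the new `spbc_plugin_list_show_safety`, the `sprintf` that builds the anchor puts `$slug`, `$report->id` and `$report->psc` straight into the `href` and `title` attributes without escaping; `$report` is returned by `VulnerabilityAlarmService::getItemReportStatic`, which looks like a remote lookup, and `$plugin_data['slug']` is plugin metadata, so neither should be treated as attribute-safe text. Escape at the output point, e.g. `$url = esc_url(sprintf('https://research.cleantalk.org/reports/app/%s#%s', rawurlencode($slug), rawurlencode($report->id)));` and pass `esc_attr($report->psc)` as the title argument (the file already imports `Escape`, so the project's own wrapper may be the preferred form). The `isset($slug)` inside the `$do_show` guard is redundant after the early return on `$plugin_data['slug']`, and the `$do_show` check repeats the setting test under which the filter is registered a few lines above — keep it only if the filter can be attached from elsewhere, otherwise drop one of the two. The docblock should also say what `psc` is, since it is shown to the admin as the link tooltip and that is not obvious from the code.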
30 changes: 16 additions & 14 deletions inc/spbc-backups.php
Expand Up @@ -52,8 +52,8 @@ function spbc_backup__delete($direct_call = false, $backup_id = null)

if (empty($output['error'])) {
if (rmdir(SPBC_PLUGIN_DIR . 'backups/backup_' . $backup_id)) {
if ($wpdb->delete(SPBC_TBL_BACKUPED_FILES, array('backup_id' => $backup_id), array('%d'))) {
if ($wpdb->delete(SPBC_TBL_BACKUPS, array('backup_id' => $backup_id), array('%d'))) {
if (false !== $wpdb->delete(SPBC_TBL_BACKUPED_FILES, array('backup_id' => $backup_id), array('%d'))) {
if (false !== $wpdb->delete(SPBC_TBL_BACKUPS, array('backup_id' => $backup_id), array('%d'))) {
$output = array(
'html' => '<td ' . (isset($_POST['cols']) ? "colspan='{$_POST['cols']}'" : '') . '>Backup deleted</td>',
'success' => true,
Expand Down Expand Up @@ -91,7 +91,7 @@ function spbc_backup__files_with_signatures_handler()

$output = array('success' => true);

$files_to_backup = $wpdb->get_results('SELECT path, weak_spots FROM ' . SPBC_TBL_SCAN_FILES . ' WHERE weak_spots LIKE "%\"SIGNATURES\":%";', ARRAY_A);
$files_to_backup = $wpdb->get_results('SELECT path, weak_spots, checked_heuristic, checked_signatures, status, severity FROM ' . SPBC_TBL_SCAN_FILES . ' WHERE weak_spots LIKE "%\"SIGNATURES\":%";', ARRAY_A);

if (!is_array($files_to_backup) || !count($files_to_backup)) {
$output = array('success' => true);
Expand All @@ -100,6 +100,9 @@ function spbc_backup__files_with_signatures_handler()

$sql_data = array();
foreach ($files_to_backup as $file) {
if (spbc_file_has_backup($file['path'])) {
continue;
}
$weak_spots = json_decode($file['weak_spots'], true);

$signtures_in_file = array();
Expand All @@ -113,15 +116,6 @@ function spbc_backup__files_with_signatures_handler()
continue;
}

$sql_signatures_placeholder = rtrim(str_repeat('%s,', count($signtures_in_file)), ',');
$sql_signatures = 'SELECT * FROM ' . SPBC_TBL_SCAN_SIGNATURES . " WHERE id IN ($sql_signatures_placeholder) AND cci IS NOT NULL;";
$signatures_with_cci = $wpdb->get_results($wpdb->prepare($sql_signatures, $signtures_in_file), ARRAY_A);

// Backup only files which will be cured
if (!$signatures_with_cci) {
continue;
}

// Adding new backup batch
if ( ! isset($backup_id)) {
$wpdb->insert(SPBC_TBL_BACKUPS, array('type' => 'SIGNATURES', 'datetime' => date('Y-m-d H:i:s')));
Expand All @@ -143,8 +137,16 @@ function spbc_backup__files_with_signatures_handler()

$result = spbc_backup__file($file['path'], $backup_id);

$backup_prev_results_state = json_encode($file);
$backup_prev_results_state = $backup_prev_results_state === false ? 'ERROR' : $backup_prev_results_state;

if (empty($result['error'])) {
$sql_data[] = '(' . $backup_id . ',' . Helper::prepareParamForSQLQuery($file['path']) . ',' . Helper::prepareParamForSQLQuery($result) . ')';
$sql_data[] = '('
. $backup_id . ','
. Helper::prepareParamForSQLQuery($file['path']) . ','
. Helper::prepareParamForSQLQuery($result) . ','
. Helper::prepareParamForSQLQuery($backup_prev_results_state)
. ')';
} else {
// Mark the backup STOPPED while errors occurred
$wpdb->update(SPBC_TBL_BACKUPS, array('status' => 'STOPPED'), array('backup_id' => $backup_id));
Expand All @@ -161,7 +163,7 @@ function spbc_backup__files_with_signatures_handler()
$backup_id = isset($backup_id) ? $backup_id : $spbc->data['scanner']['last_backup'];

// Writing backuped files to DB
$sql_query = 'INSERT INTO ' . SPBC_TBL_BACKUPED_FILES . ' (backup_id, real_path, back_path) VALUES';
$sql_query = 'INSERT INTO ' . SPBC_TBL_BACKUPED_FILES . ' (backup_id, real_path, back_path, backup_prev_results_state) VALUES';
// suppress because data is already prepared in Helper::prepareParamForSQLQuery method
// @psalm-suppress WpdbUnsafeMethodsIssue
$result = $wpdb->query($sql_query . implode(',', $sql_data) . ';');
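Review bot: `$backup_prev_results_state` falls back to the literal string `'ERROR'` when `json_encode($file)` fails, which writes a value into the new `backup_prev_results_state` column that is indistinguishable from genuine data and discards the reason; a non-UTF-8 `path` is the most likely trigger. Consider `json_encode($file, JSON_INVALID_UTF8_SUBSTITUTE)` if the plugin's minimum PHP version allows it, and on `false` record `json_last_error_msg()` through the plugin's logging, or store `null` so the restore side can test for absence instead of matching a marker string. Removing the `cci` lookup means the loop now backs up every signature-flagged file that `spbc_file_has_backup` does not already cover, not only files that will be cured — if that is intended, a comment in place of the deleted `// Backup only files which will be cured` would stop the next reader from taking it for a regression. The `INSERT` in the last hunk gains a fourth column; I assume the matching schema change for `backup_prev_results_state` lives in another file of this release. `spbc_backup__files_with_signatures_handler` starts and ends outside these hunks.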