diff options
| author | yehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664> | 2019-08-28 20:15:29 +0000 |
|---|---|---|
| committer | yehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664> | 2019-08-28 20:15:29 +0000 |
| commit | 5f134fb5839bf3e161385727c2a2009b54444878 (patch) | |
| tree | c504f5ec5158704dbfd96f74d8675ab228f0070a | |
| parent | 6372e454198ed7a1a792b5bfd286af1178ae7d63 (diff) | |
| download | Post-SMTP-5f134fb5839bf3e161385727c2a2009b54444878.zip | |
security + export csv
| -rw-r--r-- | Postman/Postman-Email-Log/PostmanEmailLogController.php | 57 | ||||
| -rw-r--r-- | Postman/Postman-Email-Log/PostmanEmailLogView.php | 2 | ||||
| -rw-r--r-- | Postman/PostmanAjaxController.php | 9 | ||||
| -rw-r--r-- | Postman/PostmanInputSanitizer.php | 8 | ||||
| -rw-r--r-- | Postman/PostmanLogFields.php | 4 | ||||
| -rw-r--r-- | Postman/PostmanViewController.php | 2 | ||||
| -rw-r--r-- | style/postman-email-log.css | 5 |
7 files changed, 74 insertions, 13 deletions
diff --git a/Postman/Postman-Email-Log/PostmanEmailLogController.php b/Postman/Postman-Email-Log/PostmanEmailLogController.php index 49f226b..c496455 100644 --- a/Postman/Postman-Email-Log/PostmanEmailLogController.php +++ b/Postman/Postman-Email-Log/PostmanEmailLogController.php @@ -72,8 +72,48 @@ class PostmanEmailLogController { PostmanViewController::JQUERY_SCRIPT, PostmanViewController::POSTMAN_SCRIPT, ), $pluginData ['version'] ); + $this->handleCsvExport(); } + function handleCsvExport() { + if ( ! empty( $_POST ) && ! wp_verify_nonce( $_REQUEST['post-smtp-log'], 'post-smtp' ) ) + die( 'Security check' ); + + if ( isset( $_POST['postman_export_csv'] ) && current_user_can( Postman::MANAGE_POSTMAN_CAPABILITY_LOGS ) ) { + $args = array( + 'post_type' => PostmanEmailLogPostType::POSTMAN_CUSTOM_POST_TYPE_SLUG, + 'post_status' => PostmanEmailLogService::POSTMAN_CUSTOM_POST_STATUS_PRIVATE, + 'posts_per_page' => -1, + ); + $logs = new WP_Query($args); + + if ( empty( $logs->posts ) ) { + return; + } + + header('Content-Type: text/csv'); + header('Content-Disposition: attachment; filename="email-logs.csv"'); + + $fp = fopen('php://output', 'wb'); + + $headers = array_keys( PostmanLogFields::get_instance()->get_fields() ); + fputcsv($fp, $headers); + + foreach ( $logs->posts as $log ) { + $meta = PostmanLogFields::get_instance()->get($log->ID); + $data = []; + foreach ( $meta as $header => $line ) { + $data[] = $line[0]; + } + fputcsv($fp, $data); + } + + fclose($fp); + die(); + + } + } + /** */ public function resendMail() { @@ -404,14 +444,21 @@ class PostmanEmailLogController { } ?> </select> - </div> - <div class="form-control" style="padding: 0 5px 0 5px;"> + </div> + + <div class="form-control"> + <button type="submit" id="postman_export_csv" name="postman_export_csv" class="button button-primary"><?php _e( 'Export To CSV', 'post-smtp' ); ?></button> + </div> + + <div class="form-control" style="padding: 0 5px 0 5px; margin-right: 50px;"> <button type="submit" name="filter" class="button button-primary"><?php _e( 'Filter/Search', 'post-smtp' ); ?></button> - </div> + </div> + <div class="form-control"> <button type="submit" id="postman_trash_all" name="postman_trash_all" class="button button-primary"><?php _e( 'Trash All', 'post-smtp' ); ?></button> - </div> - </div> + </div> + + </div> <div class="error">Please notice: when you select a date for example 11/20/2017, behind the scene the query select <b>11/20/2017 00:00:00</b>.<br>So if you searching for an email arrived that day at any hour you need to select 11/20/2017 as the <b>From Date</b> and 11/21/2017 as the <b>To Date</b>.</div> </form> diff --git a/Postman/Postman-Email-Log/PostmanEmailLogView.php b/Postman/Postman-Email-Log/PostmanEmailLogView.php index 2860690..205235d 100644 --- a/Postman/Postman-Email-Log/PostmanEmailLogView.php +++ b/Postman/Postman-Email-Log/PostmanEmailLogView.php @@ -263,7 +263,7 @@ class PostmanEmailLogView extends WP_List_Table { * ************************************************************************ */ function prepare_items() { - if ( ! wp_verify_nonce( $_REQUEST['post-smtp-log'], 'post-smtp' ) ) + if ( ! empty( $_POST ) && ! wp_verify_nonce( $_REQUEST['post-smtp-log'], 'post-smtp' ) ) die( 'Security check' ); /** diff --git a/Postman/PostmanAjaxController.php b/Postman/PostmanAjaxController.php index 16d70cc..ad63464 100644 --- a/Postman/PostmanAjaxController.php +++ b/Postman/PostmanAjaxController.php @@ -49,9 +49,16 @@ if (! class_exists ( 'PostmanAbstractAjaxHandler' )) { */ protected function getRequestParameter($parameterName) { if (isset ( $_POST [$parameterName] )) { - $value = sanitize_text_field($_POST[$parameterName]); + if ( is_array($_POST [$parameterName] ) ) { + array_walk_recursive( $_POST [$parameterName], 'sanitize_text_field' ); + $value = $_POST [$parameterName]; + } else { + $value = sanitize_text_field($_POST[$parameterName]); + } + $this->logger->trace ( sprintf ( 'Found parameter "%s"', $parameterName ) ); $this->logger->trace ( $value ); + return $value; } } diff --git a/Postman/PostmanInputSanitizer.php b/Postman/PostmanInputSanitizer.php index 1b73378..75a0041 100644 --- a/Postman/PostmanInputSanitizer.php +++ b/Postman/PostmanInputSanitizer.php @@ -121,7 +121,7 @@ if ( ! class_exists( 'PostmanInputSanitizer' ) ) { public function sanitizeString( $desc, $key, $input, &$new_input ) { if ( isset( $input [ $key ] ) ) { $this->logSanitize( $desc, $input [ $key ] ); - $new_input [ $key ] = trim( $input [ $key ] ); + $new_input [ $key ] = sanitize_text_field( trim( $input [ $key ] ) ); } } @@ -149,7 +149,7 @@ if ( ! class_exists( 'PostmanInputSanitizer' ) ) { $new_input [ $key ] = $existingPassword; } else { // otherwise the password is new, so trim it - $new_input [ $key ] = trim( $input [ $key ] ); + $new_input [ $key ] = sanitize_text_field( trim( $input [ $key ] ) ); } // log it $this->logSanitize( $desc, $new_input [ $key ] ); @@ -158,6 +158,7 @@ if ( ! class_exists( 'PostmanInputSanitizer' ) ) { } $this->logger->debug( sprintf( 'Encoding %s as %s', $desc, $new_input [ $key ] ) ); } + private function sanitizeLogMax( $desc, $key, $input, &$new_input ) { if ( isset( $input [ $key ] ) ) { $value = absint( $input [ $key ] ); @@ -167,10 +168,11 @@ if ( ! class_exists( 'PostmanInputSanitizer' ) ) { $h->addError( sprintf( '%s %s', __( 'Maximum Log Entries', 'post-smtp' ), __( 'must be greater than 0', 'post-smtp' ) ) ); } else { $this->logSanitize( $desc, $input [ $key ] ); - $new_input [ $key ] = $value; + $new_input [ $key ] = absint($value); } } } + private function sanitizeInt( $desc, $key, $input, &$new_input ) { if ( isset( $input [ $key ] ) ) { $this->logSanitize( $desc, $input [ $key ] ); diff --git a/Postman/PostmanLogFields.php b/Postman/PostmanLogFields.php index 9299586..84a3121 100644 --- a/Postman/PostmanLogFields.php +++ b/Postman/PostmanLogFields.php @@ -41,6 +41,10 @@ class PostmanLogFields { return $data; } + public function get_fields() { + return $this->fields; + } + public function update( $post_id, $key, $value ) { $sanitized = $this->sanitize( $key, $value ); $encode = $this->encode( $sanitized ); diff --git a/Postman/PostmanViewController.php b/Postman/PostmanViewController.php index 9082d35..726880b 100644 --- a/Postman/PostmanViewController.php +++ b/Postman/PostmanViewController.php @@ -374,7 +374,7 @@ if ( ! class_exists( 'PostmanViewController' ) ) { printf( '<li><a href="%s" class="welcome-icon run-port-test">%s</a></li>', $this->getPageUrl( PostmanConnectivityTestController::PORT_TEST_SLUG ), __( 'Connectivity Test', 'post-smtp' ) ); printf( '<li><a href="%s" class="welcome-icon run-port-test">%s</a></li>', $this->getPageUrl( PostmanDiagnosticTestController::DIAGNOSTICS_SLUG ), __( 'Diagnostic Test', 'post-smtp' ) ); printf( '<li><a href="%s" data-security="%s" class="welcome-icon release-lock-file">%s</a></li>', '#', wp_create_nonce( "postman" ), __( 'Release Lock File Error', 'post-smtp' ) ); - printf( '<li><a href="https://postmansmtp.com/forums/" class="welcome-icon postman_support">%s</a></li>', __( 'Online Support', 'post-smtp' ) ); + printf( '<li><a href="https://wordpress.org/support/plugin/post-smtp/" class="welcome-icon postman_support">%s</a></li>', __( 'Online Support', 'post-smtp' ) ); printf( '<li><img class="align-middle" src="' . plugins_url( 'style/images/new.gif', dirname( __DIR__ ) . '/postman-smtp.php' ) . '"><a target="blank" class="align-middle" href="https://postmansmtp.com/category/guides/" class="welcome-icon postman_guides">%s</a></li>', __( 'Guides', 'post-smtp' ) ); print '</ul></div></div></div></div>'; ?> diff --git a/style/postman-email-log.css b/style/postman-email-log.css index 873b392..d944fb5 100644 --- a/style/postman-email-log.css +++ b/style/postman-email-log.css @@ -18,15 +18,16 @@ th#date { .postman-log-row { padding: 20px; display: flex; - justify-content: space-around; align-items: center; - border-bottom: 1px solid #ddd; + border-bottom: 1px solid #ddd; + flex-wrap: wrap; } #postman_page_records { padding: 10px; line-height: normal; height: auto; + margin-right: 10px; } #postman-log-actions { |