authoryehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664>2019-08-28 20:15:29 +0000
committeryehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664>2019-08-28 20:15:29 +0000
commit5f134fb5839bf3e161385727c2a2009b54444878 (patch)
treec504f5ec5158704dbfd96f74d8675ab228f0070a
parent6372e454198ed7a1a792b5bfd286af1178ae7d63 (diff)
downloadPost-SMTP-5f134fb5839bf3e161385727c2a2009b54444878.zip
security + export csv
-rw-r--r--Postman/Postman-Email-Log/PostmanEmailLogController.php57
-rw-r--r--Postman/Postman-Email-Log/PostmanEmailLogView.php2
-rw-r--r--Postman/PostmanAjaxController.php9
-rw-r--r--Postman/PostmanInputSanitizer.php8
-rw-r--r--Postman/PostmanLogFields.php4
-rw-r--r--Postman/PostmanViewController.php2
-rw-r--r--style/postman-email-log.css5
7 files changed, 74 insertions, 13 deletions
diff --git a/Postman/Postman-Email-Log/PostmanEmailLogController.php b/Postman/Postman-Email-Log/PostmanEmailLogController.php
index 49f226b..c496455 100644
--- a/Postman/Postman-Email-Log/PostmanEmailLogController.php
+++ b/Postman/Postman-Email-Log/PostmanEmailLogController.php
@@ -72,8 +72,48 @@ class PostmanEmailLogController {
PostmanViewController::JQUERY_SCRIPT,
PostmanViewController::POSTMAN_SCRIPT,
), $pluginData ['version'] );
+ $this->handleCsvExport();
}
+ function handleCsvExport() {
+ if ( ! empty( $_POST ) && ! wp_verify_nonce( $_REQUEST['post-smtp-log'], 'post-smtp' ) )
+ die( 'Security check' );
+
+ if ( isset( $_POST['postman_export_csv'] ) && current_user_can( Postman::MANAGE_POSTMAN_CAPABILITY_LOGS ) ) {
+ $args = array(
+ 'post_type' => PostmanEmailLogPostType::POSTMAN_CUSTOM_POST_TYPE_SLUG,
+ 'post_status' => PostmanEmailLogService::POSTMAN_CUSTOM_POST_STATUS_PRIVATE,
+ 'posts_per_page' => -1,
+ );
+ $logs = new WP_Query($args);
+
+ if ( empty( $logs->posts ) ) {
+ return;
+ }
+
+ header('Content-Type: text/csv');
+ header('Content-Disposition: attachment; filename="email-logs.csv"');
+
+ $fp = fopen('php://output', 'wb');
+
+ $headers = array_keys( PostmanLogFields::get_instance()->get_fields() );
+ fputcsv($fp, $headers);
+
+ foreach ( $logs->posts as $log ) {
+ $meta = PostmanLogFields::get_instance()->get($log->ID);
+ $data = [];
+ foreach ( $meta as $header => $line ) {
+ $data[] = $line[0];
+ }
+ fputcsv($fp, $data);
+ }
+
+ fclose($fp);
+ die();
+
+ }
+ }
+
/**
*/
public function resendMail() {
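Review bot: The export loop passes each log field straight to `fputcsv()`, so a value beginning with `=`, `+`, `-` or `@` is evaluated as a formula when an administrator opens email-logs.csv in a spreadsheet. Logged fields such as subject and recipient are presumably set by whoever caused the mail to be sent (a contact form, for example), so they should be treated as untrusted and prefixed with a single quote, as below. Separately, the nonce test at the top of `handleCsvExport()` reads `$_REQUEST['post-smtp-log']` without `isset()`. It also runs `die()` on every non-empty POST that reaches the enclosing method, whose start is outside this hunk, before the capability check is consulted.

```php
foreach ( $meta as $header => $line ) {
    $cell = $line[0];
    // Neutralise spreadsheet formula triggers in attacker-influenced fields.
    if ( is_string( $cell ) && $cell !== '' && strpbrk( $cell[0], "=+-@\t\r" ) !== false ) {
        $cell = "'" . $cell;
    }
    $data[] = $cell;
}
// … unchanged: fputcsv( $fp, $data ) and the rest of the export …
```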
@@ -404,14 +444,21 @@ class PostmanEmailLogController {
}
?>
</select>
- </div>
- <div class="form-control" style="padding: 0 5px 0 5px;">
+ </div>
+
+ <div class="form-control">
+ <button type="submit" id="postman_export_csv" name="postman_export_csv" class="button button-primary"><?php _e( 'Export To CSV', 'post-smtp' ); ?></button>
+ </div>
+
+ <div class="form-control" style="padding: 0 5px 0 5px; margin-right: 50px;">
<button type="submit" name="filter" class="button button-primary"><?php _e( 'Filter/Search', 'post-smtp' ); ?></button>
- </div>
+ </div>
+
<div class="form-control">
<button type="submit" id="postman_trash_all" name="postman_trash_all" class="button button-primary"><?php _e( 'Trash All', 'post-smtp' ); ?></button>
- </div>
- </div>
+ </div>
+
+ </div>
<div class="error">Please notice: when you select a date for example 11/20/2017, behind the scene the query select <b>11/20/2017 00:00:00</b>.<br>So if you searching for an email arrived that day at any hour you need to select 11/20/2017 as the <b>From Date</b> and 11/21/2017 as the <b>To Date</b>.</div>
</form>
diff --git a/Postman/Postman-Email-Log/PostmanEmailLogView.php b/Postman/Postman-Email-Log/PostmanEmailLogView.php
index 2860690..205235d 100644
--- a/Postman/Postman-Email-Log/PostmanEmailLogView.php
+++ b/Postman/Postman-Email-Log/PostmanEmailLogView.php
@@ -263,7 +263,7 @@ class PostmanEmailLogView extends WP_List_Table {
* ************************************************************************
*/
function prepare_items() {
- if ( ! wp_verify_nonce( $_REQUEST['post-smtp-log'], 'post-smtp' ) )
+ if ( ! empty( $_POST ) && ! wp_verify_nonce( $_REQUEST['post-smtp-log'], 'post-smtp' ) )
die( 'Security check' );
/**
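Review bot: Gating the check on `! empty( $_POST )` lets every GET request reach the rest of `prepare_items()` with no nonce at all. If the body beyond this hunk acts on `$_REQUEST` or `$_GET` parameters (bulk actions, deletes, resend), those actions become forgeable from another site. The same condition is repeated in `handleCsvExport()` in PostmanEmailLogController.php. `$_REQUEST['post-smtp-log']` is also read without `isset()`, which raises a notice on a POST that omits the field. Consider `if ( ! empty( $_POST ) ) { check_admin_referer( 'post-smtp', 'post-smtp-log' ); }` here, and verify the nonce explicitly next to each state-changing action rather than by request method.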
diff --git a/Postman/PostmanAjaxController.php b/Postman/PostmanAjaxController.php
index 16d70cc..ad63464 100644
--- a/Postman/PostmanAjaxController.php
+++ b/Postman/PostmanAjaxController.php
@@ -49,9 +49,16 @@ if (! class_exists ( 'PostmanAbstractAjaxHandler' )) {
*/
protected function getRequestParameter($parameterName) {
if (isset ( $_POST [$parameterName] )) {
- $value = sanitize_text_field($_POST[$parameterName]);
+ if ( is_array($_POST [$parameterName] ) ) {
+ array_walk_recursive( $_POST [$parameterName], 'sanitize_text_field' );
+ $value = $_POST [$parameterName];
+ } else {
+ $value = sanitize_text_field($_POST[$parameterName]);
+ }
+
$this->logger->trace ( sprintf ( 'Found parameter "%s"', $parameterName ) );
$this->logger->trace ( $value );
+
return $value;
}
}
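Review bot: The array branch does not sanitize anything. `array_walk_recursive()` discards the callback's return value and `sanitize_text_field()` does not take its argument by reference, so `$_POST[$parameterName]` is returned unchanged. The raw values are then written to the trace log and handed to the caller as if they were clean. Replace the two lines with `$value = map_deep( $_POST[$parameterName], 'sanitize_text_field' );`, which applies the callback to every leaf and returns the result without modifying the superglobal. The enclosing class starts outside this hunk.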
diff --git a/Postman/PostmanInputSanitizer.php b/Postman/PostmanInputSanitizer.php
index 1b73378..75a0041 100644
--- a/Postman/PostmanInputSanitizer.php
+++ b/Postman/PostmanInputSanitizer.php
@@ -121,7 +121,7 @@ if ( ! class_exists( 'PostmanInputSanitizer' ) ) {
public function sanitizeString( $desc, $key, $input, &$new_input ) {
if ( isset( $input [ $key ] ) ) {
$this->logSanitize( $desc, $input [ $key ] );
- $new_input [ $key ] = trim( $input [ $key ] );
+ $new_input [ $key ] = sanitize_text_field( trim( $input [ $key ] ) );
}
}
@@ -149,7 +149,7 @@ if ( ! class_exists( 'PostmanInputSanitizer' ) ) {
$new_input [ $key ] = $existingPassword;
} else {
// otherwise the password is new, so trim it
- $new_input [ $key ] = trim( $input [ $key ] );
+ $new_input [ $key ] = sanitize_text_field( trim( $input [ $key ] ) );
}
// log it
$this->logSanitize( $desc, $new_input [ $key ] );
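Review bot: Running the new password through `sanitize_text_field()` silently changes the credential. The function strips tags and percent-encoded octets and collapses whitespace, so a password containing `<`, `%2B` or a double space is stored as a different string and SMTP authentication then fails with no error at save time. A secret should be stored as entered and escaped only where it is output, so keep `$new_input [ $key ] = trim( $input [ $key ] );` on this line. The context line that follows passes the password to `logSanitize()`; it is worth confirming that helper masks the value, since its body is not visible here.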
@@ -158,6 +158,7 @@ if ( ! class_exists( 'PostmanInputSanitizer' ) ) {
}
$this->logger->debug( sprintf( 'Encoding %s as %s', $desc, $new_input [ $key ] ) );
}
+
private function sanitizeLogMax( $desc, $key, $input, &$new_input ) {
if ( isset( $input [ $key ] ) ) {
$value = absint( $input [ $key ] );
@@ -167,10 +168,11 @@ if ( ! class_exists( 'PostmanInputSanitizer' ) ) {
$h->addError( sprintf( '%s %s', __( 'Maximum Log Entries', 'post-smtp' ), __( 'must be greater than 0', 'post-smtp' ) ) );
} else {
$this->logSanitize( $desc, $input [ $key ] );
- $new_input [ $key ] = $value;
+ $new_input [ $key ] = absint($value);
}
}
}
+
private function sanitizeInt( $desc, $key, $input, &$new_input ) {
if ( isset( $input [ $key ] ) ) {
$this->logSanitize( $desc, $input [ $key ] );
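Review bot: The added `absint($value)` is a no-op, because `$value` was already assigned from `absint( $input [ $key ] )` at the top of `sanitizeLogMax()`, visible in the previous hunk. Wrapping it a second time suggests the value was unsanitized before this change, which is misleading. Keeping `$new_input [ $key ] = $value;` is clearer. The function body starts outside this hunk.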
diff --git a/Postman/PostmanLogFields.php b/Postman/PostmanLogFields.php
index 9299586..84a3121 100644
--- a/Postman/PostmanLogFields.php
+++ b/Postman/PostmanLogFields.php
@@ -41,6 +41,10 @@ class PostmanLogFields {
return $data;
}
+ public function get_fields() {
+ return $this->fields;
+ }
+
public function update( $post_id, $key, $value ) {
$sanitized = $this->sanitize( $key, $value );
$encode = $this->encode( $sanitized );
diff --git a/Postman/PostmanViewController.php b/Postman/PostmanViewController.php
index 9082d35..726880b 100644
--- a/Postman/PostmanViewController.php
+++ b/Postman/PostmanViewController.php
@@ -374,7 +374,7 @@ if ( ! class_exists( 'PostmanViewController' ) ) {
printf( '<li><a href="%s" class="welcome-icon run-port-test">%s</a></li>', $this->getPageUrl( PostmanConnectivityTestController::PORT_TEST_SLUG ), __( 'Connectivity Test', 'post-smtp' ) );
printf( '<li><a href="%s" class="welcome-icon run-port-test">%s</a></li>', $this->getPageUrl( PostmanDiagnosticTestController::DIAGNOSTICS_SLUG ), __( 'Diagnostic Test', 'post-smtp' ) );
printf( '<li><a href="%s" data-security="%s" class="welcome-icon release-lock-file">%s</a></li>', '#', wp_create_nonce( "postman" ), __( 'Release Lock File Error', 'post-smtp' ) );
- printf( '<li><a href="https://postmansmtp.com/forums/" class="welcome-icon postman_support">%s</a></li>', __( 'Online Support', 'post-smtp' ) );
+ printf( '<li><a href="https://wordpress.org/support/plugin/post-smtp/" class="welcome-icon postman_support">%s</a></li>', __( 'Online Support', 'post-smtp' ) );
printf( '<li><img class="align-middle" src="' . plugins_url( 'style/images/new.gif', dirname( __DIR__ ) . '/postman-smtp.php' ) . '"><a target="blank" class="align-middle" href="https://postmansmtp.com/category/guides/" class="welcome-icon postman_guides">%s</a></li>', __( 'Guides', 'post-smtp' ) );
print '</ul></div></div></div></div>';
?>
diff --git a/style/postman-email-log.css b/style/postman-email-log.css
index 873b392..d944fb5 100644
--- a/style/postman-email-log.css
+++ b/style/postman-email-log.css
@@ -18,15 +18,16 @@ th#date {
.postman-log-row {
padding: 20px;
display: flex;
- justify-content: space-around;
align-items: center;
- border-bottom: 1px solid #ddd;
+ border-bottom: 1px solid #ddd;
+ flex-wrap: wrap;
}
#postman_page_records {
padding: 10px;
line-height: normal;
height: auto;
+ margin-right: 10px;
}
#postman-log-actions {