author | yehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664> | 2019-08-28 20:15:29 +0000 |
---|---|---|
committer | yehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664> | 2019-08-28 20:15:29 +0000 |
commit | 5f134fb5839bf3e161385727c2a2009b54444878 (patch) | |
tree | c504f5ec5158704dbfd96f74d8675ab228f0070a /Postman | |
parent | 6372e454198ed7a1a792b5bfd286af1178ae7d63 (diff) | |
download | Post-SMTP-5f134fb5839bf3e161385727c2a2009b54444878.zip |
security + export csv
Diffstat (limited to 'Postman')
-rw-r--r-- | Postman/Postman-Email-Log/PostmanEmailLogController.php | 57 | ||||
-rw-r--r-- | Postman/Postman-Email-Log/PostmanEmailLogView.php | 2 | ||||
-rw-r--r-- | Postman/PostmanAjaxController.php | 9 | ||||
-rw-r--r-- | Postman/PostmanInputSanitizer.php | 8 | ||||
-rw-r--r-- | Postman/PostmanLogFields.php | 4 | ||||
-rw-r--r-- | Postman/PostmanViewController.php | 2 |
6 files changed, 71 insertions, 11 deletions
diff --git a/Postman/Postman-Email-Log/PostmanEmailLogController.php b/Postman/Postman-Email-Log/PostmanEmailLogController.php index 49f226b..c496455 100644 --- a/Postman/Postman-Email-Log/PostmanEmailLogController.php +++ b/Postman/Postman-Email-Log/PostmanEmailLogController.php @@ -72,8 +72,48 @@ class PostmanEmailLogController { PostmanViewController::JQUERY_SCRIPT, PostmanViewController::POSTMAN_SCRIPT, ), $pluginData ['version'] ); + $this->handleCsvExport(); } + function handleCsvExport() { + if ( ! empty( $_POST ) && ! wp_verify_nonce( $_REQUEST['post-smtp-log'], 'post-smtp' ) ) + die( 'Security check' ); + + if ( isset( $_POST['postman_export_csv'] ) && current_user_can( Postman::MANAGE_POSTMAN_CAPABILITY_LOGS ) ) { + $args = array( + 'post_type' => PostmanEmailLogPostType::POSTMAN_CUSTOM_POST_TYPE_SLUG, + 'post_status' => PostmanEmailLogService::POSTMAN_CUSTOM_POST_STATUS_PRIVATE, + 'posts_per_page' => -1, + ); + $logs = new WP_Query($args); + + if ( empty( $logs->posts ) ) { + return; + } + + header('Content-Type: text/csv'); + header('Content-Disposition: attachment; filename="email-logs.csv"'); + + $fp = fopen('php://output', 'wb'); + + $headers = array_keys( PostmanLogFields::get_instance()->get_fields() ); + fputcsv($fp, $headers); + + foreach ( $logs->posts as $log ) { + $meta = PostmanLogFields::get_instance()->get($log->ID); + $data = []; + foreach ( $meta as $header => $line ) { + $data[] = $line[0]; + } + fputcsv($fp, $data); + } + + fclose($fp); + die(); + + } + } + /** */ public function resendMail() { 
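Review bot: The rows written by handleCsvExport() go to fputcsv() straight from the stored log meta (`$data[] = $line[0];`), so a subject, sender or body that begins with `=`, `+`, `-` or `@` is evaluated as a formula when the export is opened in Excel or LibreOffice (CSV injection); since those fields come from outgoing mail, which site visitors may be able to shape through contact forms, each cell should be neutralised before writing: `$cell = (string) $line[0]; if ( preg_match( '/^[=+\-@\t\r]/', $cell ) ) { $cell = "'" . $cell; } $data[] = $cell;`. The nonce guard on the first line reads `$_REQUEST['post-smtp-log']` without `isset()`, which emits a notice on any POST that omits the field before die() runs; `! isset( $_REQUEST['post-smtp-log'] ) || ! wp_verify_nonce( $_REQUEST['post-smtp-log'], 'post-smtp' )` is the safer shape. The header row is taken from `array_keys( ...->get_fields() )` while each data row iterates the array returned by `get( $log->ID )`; nothing in the hunk shows these two share the same key order, so indexing the row by the header list (`$data[] = isset( $meta[ $header ][0] ) ? $meta[ $header ][0] : '';`) would keep columns from being mislabelled. The hunk ends inside the opening line of resendMail().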
@@ -404,14 +444,21 @@ class PostmanEmailLogController { } ?> </select> - </div> - <div class="form-control" style="padding: 0 5px 0 5px;"> + </div> + + <div class="form-control"> + <button type="submit" id="postman_export_csv" name="postman_export_csv" class="button button-primary"><?php _e( 'Export To CSV', 'post-smtp' ); ?></button> + </div> + + <div class="form-control" style="padding: 0 5px 0 5px; margin-right: 50px;"> <button type="submit" name="filter" class="button button-primary"><?php _e( 'Filter/Search', 'post-smtp' ); ?></button> - </div> + </div> + <div class="form-control"> <button type="submit" id="postman_trash_all" name="postman_trash_all" class="button button-primary"><?php _e( 'Trash All', 'post-smtp' ); ?></button> - </div> - </div> + </div> + + </div> <div class="error">Please notice: when you select a date for example 11/20/2017, behind the scene the query select <b>11/20/2017 00:00:00</b>.<br>So if you searching for an email arrived that day at any hour you need to select 11/20/2017 as the <b>From Date</b> and 11/21/2017 as the <b>To Date</b>.</div> </form> diff --git a/Postman/Postman-Email-Log/PostmanEmailLogView.php b/Postman/Postman-Email-Log/PostmanEmailLogView.php index 2860690..205235d 100644 --- a/Postman/Postman-Email-Log/PostmanEmailLogView.php +++ b/Postman/Postman-Email-Log/PostmanEmailLogView.php @@ -263,7 +263,7 @@ class PostmanEmailLogView extends WP_List_Table { * ************************************************************************ */ function prepare_items() { - if ( ! wp_verify_nonce( $_REQUEST['post-smtp-log'], 'post-smtp' ) ) + if ( ! empty( $_POST ) && ! wp_verify_nonce( $_REQUEST['post-smtp-log'], 'post-smtp' ) ) die( 'Security check' ); /** diff --git a/Postman/PostmanAjaxController.php b/Postman/PostmanAjaxController.php index 16d70cc..ad63464 100644 --- a/Postman/PostmanAjaxController.php +++ b/Postman/PostmanAjaxController.php 
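Review bot: Gating the nonce check in prepare_items() on `! empty( $_POST )` means any request that arrives by GET is no longer verified, so if the list table's bulk or row actions (`$_REQUEST['action']`, `action2`, or row links) can trigger a trash/delete over GET, those now run without a nonce; if that is the case the guard should still cover them, e.g. `if ( ( ! empty( $_POST ) || isset( $_REQUEST['action'] ) ) && ( empty( $_REQUEST['post-smtp-log'] ) || ! wp_verify_nonce( $_REQUEST['post-smtp-log'], 'post-smtp' ) ) )`. The `empty()` clause also removes the undefined-index notice the current line raises when the nonce field is absent. Whether any state-changing action is reachable over GET is not visible here; the remainder of prepare_items() lies outside the hunk.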
@@ -49,9 +49,16 @@ if (! class_exists ( 'PostmanAbstractAjaxHandler' )) { */ protected function getRequestParameter($parameterName) { if (isset ( $_POST [$parameterName] )) { - $value = sanitize_text_field($_POST[$parameterName]); + if ( is_array($_POST [$parameterName] ) ) { + array_walk_recursive( $_POST [$parameterName], 'sanitize_text_field' ); + $value = $_POST [$parameterName]; + } else { + $value = sanitize_text_field($_POST[$parameterName]); + } + $this->logger->trace ( sprintf ( 'Found parameter "%s"', $parameterName ) ); $this->logger->trace ( $value ); + return $value; } } diff --git a/Postman/PostmanInputSanitizer.php b/Postman/PostmanInputSanitizer.php index 1b73378..75a0041 100644 --- a/Postman/PostmanInputSanitizer.php +++ b/Postman/PostmanInputSanitizer.php @@ -121,7 +121,7 @@ if ( ! class_exists( 'PostmanInputSanitizer' ) ) { public function sanitizeString( $desc, $key, $input, &$new_input ) { if ( isset( $input [ $key ] ) ) { $this->logSanitize( $desc, $input [ $key ] ); - $new_input [ $key ] = trim( $input [ $key ] ); + $new_input [ $key ] = sanitize_text_field( trim( $input [ $key ] ) ); } } @@ -149,7 +149,7 @@ if ( ! class_exists( 'PostmanInputSanitizer' ) ) { $new_input [ $key ] = $existingPassword; } else { // otherwise the password is new, so trim it - $new_input [ $key ] = trim( $input [ $key ] ); + $new_input [ $key ] = sanitize_text_field( trim( $input [ $key ] ) ); } // log it $this->logSanitize( $desc, $new_input [ $key ] ); @@ -158,6 +158,7 @@ if ( ! class_exists( 'PostmanInputSanitizer' ) ) { } $this->logger->debug( sprintf( 'Encoding %s as %s', $desc, $new_input [ $key ] ) ); } + private function sanitizeLogMax( $desc, $key, $input, &$new_input ) { if ( isset( $input [ $key ] ) ) { $value = absint( $input [ $key ] ); 
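Review bot: The array branch added to getRequestParameter() does not sanitise anything: `array_walk_recursive( $_POST [$parameterName], 'sanitize_text_field' )` hands each element to the callback by value and discards its return value, so the following `$value = $_POST [$parameterName];` returns the raw input, which is precisely the case this change was meant to cover. WordPress's recursive mapper returns the sanitised copy and is the drop-in fix: `$value = map_deep( $_POST[ $parameterName ], 'sanitize_text_field' );` (a by-reference closure, `function ( &$v ) { $v = sanitize_text_field( $v ); }`, would also work). With that in place the `$this->logger->trace( $value )` line logs the sanitised value instead of the raw one.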
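Review bot: Applying sanitize_text_field() to a newly entered password (the `+` line in the else branch of the @@ -149 hunk) mutates the credential instead of validating it: that function strips tags, turns a lone `<` into an entity, collapses whitespace and line breaks, and removes percent-encoded-looking octets such as `%2f`, so a password containing any of those would be stored altered and SMTP authentication would fail with no error shown to the user. For a secret it is safer to keep `trim()` and only reject invalid UTF-8, e.g. `$new_input [ $key ] = wp_check_invalid_utf8( trim( $input [ $key ] ) );`, leaving the encoding step that follows to handle storage. The `if` that handles the existing-password case appears to start above this hunk.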
@@ -167,10 +168,11 @@ if ( ! class_exists( 'PostmanInputSanitizer' ) ) { $h->addError( sprintf( '%s %s', __( 'Maximum Log Entries', 'post-smtp' ), __( 'must be greater than 0', 'post-smtp' ) ) ); } else { $this->logSanitize( $desc, $input [ $key ] ); - $new_input [ $key ] = $value; + $new_input [ $key ] = absint($value); } } } + private function sanitizeInt( $desc, $key, $input, &$new_input ) { if ( isset( $input [ $key ] ) ) { $this->logSanitize( $desc, $input [ $key ] ); diff --git a/Postman/PostmanLogFields.php b/Postman/PostmanLogFields.php index 9299586..84a3121 100644 --- a/Postman/PostmanLogFields.php +++ b/Postman/PostmanLogFields.php @@ -41,6 +41,10 @@ class PostmanLogFields { return $data; } + public function get_fields() { + return $this->fields; + } + public function update( $post_id, $key, $value ) { $sanitized = $this->sanitize( $key, $value ); $encode = $this->encode( $sanitized ); diff --git a/Postman/PostmanViewController.php b/Postman/PostmanViewController.php index 9082d35..726880b 100644 --- a/Postman/PostmanViewController.php +++ b/Postman/PostmanViewController.php 
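Review bot: `$new_input [ $key ] = absint($value);` in sanitizeLogMax() is redundant — `$value` is already the result of `absint( $input [ $key ] )` a few lines above (visible in the context of the preceding hunk), so the second call cannot change anything and the original `$new_input [ $key ] = $value;` was already correct. If the intent is defence in depth, a one-line comment saying so reads better than a repeated cast. The method's opening lines sit above this hunk.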
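Review bot: get_fields() in PostmanLogFields is added without a docblock even though handleCsvExport() in this same commit relies on it for the CSV header row via `array_keys( PostmanLogFields::get_instance()->get_fields() )`, so the key order of `$this->fields` now defines the export's column order. A short docblock would make that coupling visible: `/** Field definitions keyed by log meta key; key order is the column order of the CSV export. @return array */`. The `fields` property it returns is declared outside this hunk, so its shape cannot be confirmed here.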
@@ -374,7 +374,7 @@ if ( ! class_exists( 'PostmanViewController' ) ) { printf( '<li><a href="%s" class="welcome-icon run-port-test">%s</a></li>', $this->getPageUrl( PostmanConnectivityTestController::PORT_TEST_SLUG ), __( 'Connectivity Test', 'post-smtp' ) ); printf( '<li><a href="%s" class="welcome-icon run-port-test">%s</a></li>', $this->getPageUrl( PostmanDiagnosticTestController::DIAGNOSTICS_SLUG ), __( 'Diagnostic Test', 'post-smtp' ) ); printf( '<li><a href="%s" data-security="%s" class="welcome-icon release-lock-file">%s</a></li>', '#', wp_create_nonce( "postman" ), __( 'Release Lock File Error', 'post-smtp' ) ); - printf( '<li><a href="https://postmansmtp.com/forums/" class="welcome-icon postman_support">%s</a></li>', __( 'Online Support', 'post-smtp' ) ); + printf( '<li><a href="https://wordpress.org/support/plugin/post-smtp/" class="welcome-icon postman_support">%s</a></li>', __( 'Online Support', 'post-smtp' ) ); printf( '<li><img class="align-middle" src="' . plugins_url( 'style/images/new.gif', dirname( __DIR__ ) . '/postman-smtp.php' ) . '"><a target="blank" class="align-middle" href="https://postmansmtp.com/category/guides/" class="welcome-icon postman_guides">%s</a></li>', __( 'Guides', 'post-smtp' ) ); print '</ul></div></div></div></div>'; ?> |