From 5f134fb5839bf3e161385727c2a2009b54444878 Mon Sep 17 00:00:00 2001 From: yehudah Date: Wed, 28 Aug 2019 20:15:29 +0000 Subject: security + export csv --- .../PostmanEmailLogController.php | 57 ++++++++++++++++++++-- Postman/Postman-Email-Log/PostmanEmailLogView.php | 2 +- Postman/PostmanAjaxController.php | 9 +++- Postman/PostmanInputSanitizer.php | 8 +-- Postman/PostmanLogFields.php | 4 ++ Postman/PostmanViewController.php | 2 +- 6 files changed, 71 insertions(+), 11 deletions(-) (limited to 'Postman') diff --git a/Postman/Postman-Email-Log/PostmanEmailLogController.php b/Postman/Postman-Email-Log/PostmanEmailLogController.php index 49f226b..c496455 100644 --- a/Postman/Postman-Email-Log/PostmanEmailLogController.php +++ b/Postman/Postman-Email-Log/PostmanEmailLogController.php 
@@ -72,8 +72,48 @@ class PostmanEmailLogController { PostmanViewController::JQUERY_SCRIPT, PostmanViewController::POSTMAN_SCRIPT, ), $pluginData ['version'] ); + $this->handleCsvExport(); } + function handleCsvExport() { + if ( ! empty( $_POST ) && ! wp_verify_nonce( $_REQUEST['post-smtp-log'], 'post-smtp' ) ) + die( 'Security check' ); + + if ( isset( $_POST['postman_export_csv'] ) && current_user_can( Postman::MANAGE_POSTMAN_CAPABILITY_LOGS ) ) { + $args = array( + 'post_type' => PostmanEmailLogPostType::POSTMAN_CUSTOM_POST_TYPE_SLUG, + 'post_status' => PostmanEmailLogService::POSTMAN_CUSTOM_POST_STATUS_PRIVATE, + 'posts_per_page' => -1, + ); + $logs = new WP_Query($args); + + if ( empty( $logs->posts ) ) { + return; + } + + header('Content-Type: text/csv'); + header('Content-Disposition: attachment; filename="email-logs.csv"'); + + $fp = fopen('php://output', 'wb'); + + $headers = array_keys( PostmanLogFields::get_instance()->get_fields() ); + fputcsv($fp, $headers); + + foreach ( $logs->posts as $log ) { + $meta = PostmanLogFields::get_instance()->get($log->ID); + $data = []; + foreach ( $meta as $header => $line ) { + $data[] = $line[0]; + } + fputcsv($fp, $data); + } + + fclose($fp); + die(); + + } + } + /** */ public function resendMail() { @@ -404,14 +444,21 @@ class PostmanEmailLogController { } ?> - -
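Review bot: `fputcsv($fp, $data)` in `handleCsvExport` writes each log field verbatim, so a subject, sender name or body that starts with `=`, `+`, `-`, `@` or a tab is evaluated as a formula when the export is opened in Excel or LibreOffice (CSV formula injection), and because email-log contents are frequently attacker-chosen (contact-form submissions, registration names) this is reachable by people who never had the export capability. Neutralise such cells before writing: `$cell = (string) $line[0];` / `if ( preg_match( '/^[=+\-@\t\r]/', $cell ) ) { $cell = "'" . $cell; }` / `$data[] = $cell;`. The nonce guard also indexes `$_REQUEST['post-smtp-log']` without `isset`, so any POST that lacks the field raises an undefined-index notice before `die()`; test `empty( $_REQUEST['post-smtp-log'] ) ||` ahead of the `wp_verify_nonce` call to keep the deny path quiet. The method that calls `$this->handleCsvExport()` begins before this hunk.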
+
+ +
+ +
+ +
-
+ +
-
- + + +
Please notice: when you select a date for example 11/20/2017, behind the scene the query select 11/20/2017 00:00:00.
So if you searching for an email arrived that day at any hour you need to select 11/20/2017 as the From Date and 11/21/2017 as the To Date.
diff --git a/Postman/Postman-Email-Log/PostmanEmailLogView.php b/Postman/Postman-Email-Log/PostmanEmailLogView.php index 2860690..205235d 100644 --- a/Postman/Postman-Email-Log/PostmanEmailLogView.php +++ b/Postman/Postman-Email-Log/PostmanEmailLogView.php @@ -263,7 +263,7 @@ class PostmanEmailLogView extends WP_List_Table { * ************************************************************************ */ function prepare_items() { - if ( ! wp_verify_nonce( $_REQUEST['post-smtp-log'], 'post-smtp' ) ) + if ( ! empty( $_POST ) && ! wp_verify_nonce( $_REQUEST['post-smtp-log'], 'post-smtp' ) ) die( 'Security check' ); /** diff --git a/Postman/PostmanAjaxController.php b/Postman/PostmanAjaxController.php index 16d70cc..ad63464 100644 --- a/Postman/PostmanAjaxController.php +++ b/Postman/PostmanAjaxController.php @@ -49,9 +49,16 @@ if (! class_exists ( 'PostmanAbstractAjaxHandler' )) { */ protected function getRequestParameter($parameterName) { if (isset ( $_POST [$parameterName] )) { - $value = sanitize_text_field($_POST[$parameterName]); + if ( is_array($_POST [$parameterName] ) ) { + array_walk_recursive( $_POST [$parameterName], 'sanitize_text_field' ); + $value = $_POST [$parameterName]; + } else { + $value = sanitize_text_field($_POST[$parameterName]); + } + $this->logger->trace ( sprintf ( 'Found parameter "%s"', $parameterName ) ); $this->logger->trace ( $value ); + return $value; } } diff --git a/Postman/PostmanInputSanitizer.php b/Postman/PostmanInputSanitizer.php index 1b73378..75a0041 100644 --- a/Postman/PostmanInputSanitizer.php +++ b/Postman/PostmanInputSanitizer.php @@ -121,7 +121,7 @@ if ( ! class_exists( 'PostmanInputSanitizer' ) ) { public function sanitizeString( $desc, $key, $input, &$new_input ) { if ( isset( $input [ $key ] ) ) { $this->logSanitize( $desc, $input [ $key ] ); - $new_input [ $key ] = trim( $input [ $key ] ); + $new_input [ $key ] = sanitize_text_field( trim( $input [ $key ] ) ); } } 
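Review bot: The relaxed guard in `prepare_items` still indexes `$_REQUEST['post-smtp-log']` unconditionally, so a POST without that field emits an undefined-index notice (visible in the response when display_errors is on) before `die( 'Security check' )`; write it as `if ( ! empty( $_POST ) && ( empty( $_REQUEST['post-smtp-log'] ) || ! wp_verify_nonce( $_REQUEST['post-smtp-log'], 'post-smtp' ) ) )`. Note too that the change removes the nonce requirement for GET requests entirely; if the remainder of `prepare_items`, which continues outside this hunk, acts on GET parameters such as a bulk `action`, those paths are now CSRF-reachable and need their own `check_admin_referer` — worth confirming against the full method.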
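Review bot: `array_walk_recursive( $_POST [$parameterName], 'sanitize_text_field' )` in `getRequestParameter` sanitizes nothing: the callback receives each element by value and its return value is discarded, so the following `$value = $_POST [$parameterName]` returns the raw, unsanitized array (and that is also what gets traced to the log). Use a by-reference callback, `array_walk_recursive( $_POST [$parameterName], function ( &$v ) { $v = sanitize_text_field( $v ); } );`, or WordPress's `map_deep( $_POST [$parameterName], 'sanitize_text_field' )` if the plugin's minimum WP version provides it. Array keys stay untouched either way, which callers should remember before echoing or storing them.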
@@ -149,7 +149,7 @@ if ( ! class_exists( 'PostmanInputSanitizer' ) ) { $new_input [ $key ] = $existingPassword; } else { // otherwise the password is new, so trim it - $new_input [ $key ] = trim( $input [ $key ] ); + $new_input [ $key ] = sanitize_text_field( trim( $input [ $key ] ) ); } // log it $this->logSanitize( $desc, $new_input [ $key ] ); @@ -158,6 +158,7 @@ if ( ! class_exists( 'PostmanInputSanitizer' ) ) { } $this->logger->debug( sprintf( 'Encoding %s as %s', $desc, $new_input [ $key ] ) ); } + private function sanitizeLogMax( $desc, $key, $input, &$new_input ) { if ( isset( $input [ $key ] ) ) { $value = absint( $input [ $key ] ); @@ -167,10 +168,11 @@ if ( ! class_exists( 'PostmanInputSanitizer' ) ) { $h->addError( sprintf( '%s %s', __( 'Maximum Log Entries', 'post-smtp' ), __( 'must be greater than 0', 'post-smtp' ) ) ); } else { $this->logSanitize( $desc, $input [ $key ] ); - $new_input [ $key ] = $value; + $new_input [ $key ] = absint($value); } } } + private function sanitizeInt( $desc, $key, $input, &$new_input ) { if ( isset( $input [ $key ] ) ) { $this->logSanitize( $desc, $input [ $key ] ); diff --git a/Postman/PostmanLogFields.php b/Postman/PostmanLogFields.php index 9299586..84a3121 100644 --- a/Postman/PostmanLogFields.php +++ b/Postman/PostmanLogFields.php @@ -41,6 +41,10 @@ class PostmanLogFields { return $data; } + public function get_fields() { + return $this->fields; + } + public function update( $post_id, $key, $value ) { $sanitized = $this->sanitize( $key, $value ); $encode = $this->encode( $sanitized ); diff --git a/Postman/PostmanViewController.php b/Postman/PostmanViewController.php index 9082d35..726880b 100644 --- a/Postman/PostmanViewController.php +++ b/Postman/PostmanViewController.php @@ -374,7 +374,7 @@ if ( ! class_exists( 'PostmanViewController' ) ) { printf( '
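Review bot: Passing a new password through `sanitize_text_field` in the `else` branch alters the credential rather than protecting anything: that helper strips or entity-encodes `<`, removes `%xx` sequences and collapses internal whitespace, so a password such as `p<ss%20w` is silently stored as a different string and the SMTP/API login then fails. The value is a secret that is never rendered as HTML, so the original `$new_input [ $key ] = trim( $input [ $key ] );` is the correct treatment; if invalid UTF-8 is the concern, `wp_check_invalid_utf8` is the narrower tool. The enclosing method starts before this hunk.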
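Review bot: `$new_input [ $key ] = absint($value);` in `sanitizeLogMax` is a no-op change, since `$value` was already assigned `absint( $input [ $key ] )` two lines earlier and has only been compared since; either keep the original `$new_input [ $key ] = $value;` or drop the intermediate and write `absint( $input [ $key ] )` once. Leaving the doubled call suggests the first one was not trusted, which will confuse the next reader.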
  • %s
  • ', $this->getPageUrl( PostmanConnectivityTestController::PORT_TEST_SLUG ), __( 'Connectivity Test', 'post-smtp' ) ); printf( '
  • %s
  • ', $this->getPageUrl( PostmanDiagnosticTestController::DIAGNOSTICS_SLUG ), __( 'Diagnostic Test', 'post-smtp' ) ); printf( '
  • %s
  • ', '#', wp_create_nonce( "postman" ), __( 'Release Lock File Error', 'post-smtp' ) ); - printf( '
  • %s
  • ', __( 'Online Support', 'post-smtp' ) ); + printf( '
  • %s
  • ', __( 'Online Support', 'post-smtp' ) ); printf( '
  • %s
  • ', __( 'Guides', 'post-smtp' ) ); print ''; ?> -- cgit v1.2.3