get_safe_view_name() !== $page ) { return; } // Tab links. $wsal_setting_tabs = array( 'general' => array( 'name' => esc_html__( 'General', 'wp-security-audit-log' ), 'link' => add_query_arg( 'tab', 'general', $this->get_url() ), 'render' => array( $this, 'tab_general' ), 'save' => array( $this, 'tab_general_save' ), 'priority' => 10, ), 'audit-log' => array( 'name' => esc_html__( 'Activity log viewer', 'wp-security-audit-log' ), 'link' => add_query_arg( 'tab', 'audit-log', $this->get_url() ), 'render' => array( $this, 'tab_audit_log' ), 'save' => array( $this, 'tab_audit_log_save' ), 'priority' => 20, ), 'file-changes' => array( 'name' => esc_html__( 'File changes', 'wp-security-audit-log' ), 'link' => add_query_arg( 'tab', 'file-changes', $this->get_url() ), 'render' => array( $this, 'tab_file_changes' ), 'priority' => 30, ), 'exclude-objects' => array( 'name' => esc_html__( 'Exclude objects', 'wp-security-audit-log' ), 'link' => add_query_arg( 'tab', 'exclude-objects', $this->get_url() ), 'render' => array( $this, 'tab_exclude_objects' ), 'save' => array( $this, 'tab_exclude_objects_save' ), 'priority' => 40, ), 'advanced-settings' => array( 'name' => esc_html__( 'Advanced settings', 'wp-security-audit-log' ), 'link' => add_query_arg( 'tab', 'advanced-settings', $this->get_url() ), 'render' => array( $this, 'tab_advanced_settings' ), 'save' => array( $this, 'tab_advanced_settings_save' ), 'priority' => 100, ), ); /** * Filter: `wsal_setting_tabs` * * This filter is used to filter the tabs of WSAL settings page. * * Setting tabs structure: * $wsal_setting_tabs['unique-tab-id'] = array( * 'name' => Name of the tab, * 'link' => Link of the tab, * 'render' => This function is used to render HTML elements in the tab, * 'name' => This function is used to save the related setting of the tab, * 'priority' => Priority of the tab, * ); * * @param array $wsal_setting_tabs – Array of WSAL Setting Tabs. * * @since 3.2.3 */ $wsal_setting_tabs = apply_filters( 'wsal_setting_tabs', $wsal_setting_tabs ); // Sort by priority. array_multisort( array_column( $wsal_setting_tabs, 'priority' ), SORT_ASC, $wsal_setting_tabs ); $this->wsal_setting_tabs = $wsal_setting_tabs; // Get the current tab. $current_tab = ( isset( $_GET['tab'] ) ) ? \sanitize_text_field( \wp_unslash( $_GET['tab'] ) ) : ''; $this->current_tab = empty( $current_tab ) ? 'general' : $current_tab; } /** * {@inheritDoc} */ public function has_plugin_shortcut_link() { return true; } /** * {@inheritDoc} */ public function get_title() { return esc_html__( 'Settings', 'wp-security-audit-log' ); } /** * {@inheritDoc} */ public function get_icon() { return 'dashicons-admin-generic'; } /** * {@inheritDoc} */ public function get_name() { return esc_html__( 'Settings', 'wp-security-audit-log' ); } /** * {@inheritDoc} */ public function get_weight() { return 8; } /** * Method: Save settings. * * @throws Exception - Unrecognized settings tab error. */ protected function save() { // Bail early if user does not have sufficient permissions to save. if ( ! Settings_Helper::current_user_can( 'edit' ) ) { throw new Exception( esc_html__( 'Current user is not allowed to save settings.', 'wp-security-audit-log' ) ); } // Call respective tab save functions if they are set. Nonce is already verified at this point. if ( ! empty( $this->current_tab ) && ! empty( $this->wsal_setting_tabs[ $this->current_tab ]['save'] ) ) { call_user_func( $this->wsal_setting_tabs[ $this->current_tab ]['save'] ); } else { throw new Exception( esc_html__( 'Unknown settings tab.', 'wp-security-audit-log' ) ); } } /** * Method: Check security token. */ public function ajax_check_security_token() { if ( ! Settings_Helper::current_user_can( 'edit' ) ) { echo wp_json_encode( array( 'success' => false, 'message' => esc_html__( 'Access Denied.', 'wp-security-audit-log' ), ) ); die(); } $nonce = isset( $_POST['nonce'] ) ? \sanitize_text_field( \wp_unslash( $_POST['nonce'] ) ) : false; $token = isset( $_POST['token'] ) ? \sanitize_text_field( \wp_unslash( $_POST['token'] ) ) : false; if ( empty( $nonce ) || ! \wp_verify_nonce( $nonce, 'wsal-exclude-nonce' ) ) { echo wp_json_encode( array( 'success' => false, 'message' => esc_html__( 'Nonce verification failed.', 'wp-security-audit-log' ), ) ); die(); } if ( empty( $token ) ) { echo wp_json_encode( array( 'success' => false, 'message' => esc_html__( 'Invalid input.', 'wp-security-audit-log' ), ) ); die(); } $input_type = isset( $_POST['type'] ) ? \sanitize_text_field( \wp_unslash( $_POST['type'] ) ) : false; echo wp_json_encode( array( 'success' => true, 'token' => $token, 'tokenType' => esc_html( Plugin_Settings_Helper::get_token_type( $token, $input_type ) ), ) ); die(); } /** * Method: Run cleanup. */ public function ajax_run_cleanup() { // Verify nonce. if ( ! isset( $_REQUEST['nonce'] ) || false === wp_verify_nonce( \sanitize_text_field( \wp_unslash( $_REQUEST['nonce'] ) ), 'wsal-run-cleanup' ) ) { wp_send_json_error( esc_html__( 'Insecure request.', 'wp-security-audit-log' ) ); } if ( ! Settings_Helper::current_user_can( 'edit' ) ) { die( 'Access Denied.' ); } $now = time(); $max_sdate = Plugin_Settings_Helper::get_pruning_date(); // Pruning date. $archiving = Settings_Helper::is_archiving_set_and_enabled(); // phpcs:disable // phpcs:enable // Calculate limit timestamp. $max_stamp = $now - ( strtotime( $max_sdate ) - $now ); $items = array(); if ( $archiving ) { $connection_name = Settings_Helper::get_option_value( 'archive-connection' ); $wsal_db = Connection::get_connection( $connection_name ); $items = Delete_Records::delete( array(), 0, array( 'created_on <= %s' => intval( $max_stamp ) ), $wsal_db ); } $main_items = Delete_Records::delete( array(), 0, array( 'created_on <= %s' => intval( $max_stamp ) ) ); if ( $archiving ) { $archiving_args = array( 'page' => 'wsal-ext-settings', 'tab' => 'archiving', ); $archiving_url = add_query_arg( $archiving_args, \network_admin_url( 'admin.php' ) ); wp_safe_redirect( $archiving_url ); } else { if ( ( is_array( $items ) && count( $items ) ) || ( is_array( $main_items ) && count( $main_items ) ) ) { $redirect_args = array( 'tab' => 'audit-log', 'pruning' => 1, ); } else { $redirect_args = array( 'tab' => 'audit-log', 'pruning' => 0, ); } wp_safe_redirect( add_query_arg( $redirect_args, $this->get_url() ) ); } exit; } /** * {@inheritDoc} */ public function render() { // Verify nonce if a form is submitted. if ( isset( $_POST['_wpnonce'] ) ) { check_admin_referer( 'wsal-settings' ); } if ( ! Settings_Helper::current_user_can( 'edit' ) ) { wp_die( esc_html__( 'You do not have sufficient permissions to access this page.', 'wp-security-audit-log' ) ); } // Check to see if section parameter is set in the URL. $section = isset( $_GET['section'] ) ? \sanitize_text_field( wp_unslash( $_GET['section'] ) ) : false; if ( isset( $_POST['submit'] ) ) { try { $this->save(); // Save settings. if ( 'sms-provider' === $this->current_tab && $section && 'test' === $section ) : ?>

getMessage() ); ?>

wsal_setting_tabs[ $this->current_tab ]['save'] ); } if ( isset( $_GET['pruning'] ) && '1' === $_GET['pruning'] ) { ?>

current_tab && $section && 'test' === $section ) { \submit_button( esc_html__( 'Send Message', 'wp-security-audit-log' ) ); } elseif ( 'settings-export-import' !== $this->current_tab ) { \submit_button(); } ?>

is_free_plan() ) { ?> is_free_plan() ) { ?>

>
>

>
WP Activity Log plugin. The audit log also includes the IP address where you accessed this site from.', 'wp-security-audit-log' ); } // Allowed HTML tags for this setting. $allowed_tags = array( 'a' => array( 'href' => array(), 'title' => array(), 'target' => array(), ), ); ?>

Note: ', 'wp-security-audit-log' ), Plugin_Settings_Helper::get_allowed_html_tags() ) . esc_html__( 'The only HTML code allowed in the login page notification is for links ( < a href >< /a > ).', 'wp-security-audit-log' ); // phpcs:ignore ?>


' . esc_html__( 'learn more', 'wp-security-audit-log' ) . '' ); ?>




array( 'href' => true, 'target' => true, ), ); echo wp_kses( sprintf( /* translators: Learn more link. */ esc_html__( 'By default only users with administrator role (single site) and super administrator role (multisite) can change the settings of the plugin. Though you can restrict the privileges to just your user - %s.', 'wp-security-audit-log' ), '' . __( 'learn more', 'wp-security-audit-log' ) . '' ), $allowed_tags ); $restrict_settings = Plugin_Settings_Helper::get_restrict_plugin_setting(); ?>



' . __( 'learn more', 'wp-security-audit-log' ) . '', $allowed_tags ); ?>

__( 'Only me', 'wp-security-audit-log' ), 'only_superadmins' => __( 'Super administators only', 'wp-security-audit-log' ), 'only_admins' => __( 'Super administators and site administrators', 'wp-security-audit-log' ), ); ?> $label ) : ?>

user_login === $item ) { continue; } ?> ×






>
is_free_plan() ) { Settings_Helper::set_boolean_option_value( 'disable-admin-bar-notif', ! \sanitize_text_field( $post_array['admin_bar_notif'] ), true ); Settings_Helper::set_option_value( 'admin-bar-notif-updates', \sanitize_text_field( $post_array['admin_bar_notif_updates'] ), true ); } // Handle log viewer settings in multisite context. if ( WP_Helper::is_multisite() ) { $log_viewer_restrictions = isset( $post_array['restrict-log-viewer'] ) ? \sanitize_text_field( $post_array['restrict-log-viewer'] ) : ''; Plugin_Settings_Helper::set_restrict_log_viewer( $log_viewer_restrictions ); if ( 'only_me' === $log_viewer_restrictions ) { Plugin_Settings_Helper::set_only_me_user_id( \get_current_user_id() ); } } // Get plugin viewers. $viewers = isset( $post_array['Viewers'] ) ? array_map( 'sanitize_text_field', $post_array['Viewers'] ) : array(); Plugin_Settings_Helper::set_allowed_plugin_viewers( $viewers ); // Handle plugin settings permissions. $restrict_settings = isset( $post_array['restrict-plugin-settings'] ) ? \sanitize_text_field( $post_array['restrict-plugin-settings'] ) : false; Plugin_Settings_Helper::set_restrict_plugin_setting( $restrict_settings ); if ( 'only_me' === $restrict_settings ) { Plugin_Settings_Helper::set_only_me_user_id( get_current_user_id() ); } Plugin_Settings_Helper::set_login_page_notification( isset( $post_array['login_page_notification'] ) ? \sanitize_text_field( $post_array['login_page_notification'] ) : false ); Plugin_Settings_Helper::set_login_page_notification_text( isset( $post_array['login_page_notification_text'] ) ? $post_array['login_page_notification_text'] : false ); Plugin_Settings_Helper::set_main_ip_from_proxy( isset( $post_array['EnableProxyIpCapture'] ) ? \sanitize_text_field( $post_array['EnableProxyIpCapture'] ) : false, ( isset( $post_array['header-to-use'] ) ? \sanitize_text_field( $post_array['header-to-use'] ) : 'REMOTE_ADDR' ), \sanitize_text_field( \wp_unslash( $post_array['CustomProxyIpHeader'] ) ) ); $is_incognito = isset( $post_array['Incognito'] ) ? Settings_Helper::string_to_bool( \sanitize_text_field( $post_array['Incognito'] ) ) : false; Plugin_Settings_Helper::set_incognito( $is_incognito ); } /** * Tab: `Audit Log` */ private function tab_audit_log() { ?>

Upgrade to Premium to store the activity log data in an external database.', 'wp-security-audit-log' ); // phpcs:disable // phpcs:enable echo wp_kses( $retention_help_text, Plugin_Settings_Helper::get_allowed_html_tags() ); ?>

can_use_premium_code() ) { $this->render_retention_settings_table(); } // phpcs:disable /* @free:end */ // phpcs:enable ?>






'file-monitor-settings', ); $wcfm_settings_page = add_query_arg( $redirect_args, \network_admin_url( 'admin.php' ) ); ?>

renderMetaExclusionSection( esc_html__( 'Exclude custom post fields:', 'wp-security-audit-log' ), Settings_Helper::get_excluded_post_meta_fields(), 'PostMeta' ); ?> renderMetaExclusionSection( esc_html__( 'Exclude custom user fields:', 'wp-security-audit-log' ), Settings_Helper::get_excluded_user_meta_fields(), 'UserMeta' ); ?>

×

×

×


×


×


×

contact us.', 'wp-security-audit-log' ), Plugin_Settings_Helper::get_allowed_html_tags() ); // phpcs:ignore ?>

factory reset the plugin. This means that all the configured settings will be reset to default and all email notifications, scheduled reports, external database / third party services connections, archiving and mirroring rule will be deleted. NOTE: the activity log data will not be purged. Use the setting below to purge the activity log.', 'wp-security-audit-log' ); // phpcs:ignore ?>

>




current_tab ) && 'advanced-settings' === $this->current_tab ) { // Remodal styles. wp_enqueue_style( 'wsal-remodal', WSAL_BASE_URL . 'css/remodal.css', array(), WSAL_VERSION ); wp_enqueue_style( 'wsal-remodal-theme', WSAL_BASE_URL . 'css/remodal-default-theme.css', array(), WSAL_VERSION ); } ?> current_tab ) && 'advanced-settings' === $this->current_tab ) { // Remodal script. wp_enqueue_script( 'wsal-remodal-js', WSAL_BASE_URL . 'js/remodal.min.js', array(), WSAL_VERSION, true ); } // Register settings script. wp_register_script( 'settings', WSAL_BASE_URL . 'js/settings.js', array(), WSAL_VERSION, true ); // Passing nonce for security to JS file. $wsal_data = array( 'wp_nonce' => wp_create_nonce( 'wsal-exclude-nonce' ), 'invalidURL' => esc_html__( 'The specified value is not a valid URL!', 'wp-security-audit-log' ), 'invalidCPT' => esc_html__( 'The specified value is not a valid post type!', 'wp-security-audit-log' ), 'invalidStatus' => esc_html__( 'The specified value is not a valid post status!', 'wp-security-audit-log' ), 'invalidIP' => esc_html__( 'The specified value is not a valid IP address!', 'wp-security-audit-log' ), 'invalidUser' => esc_html__( 'The specified value is not a user nor a role!', 'wp-security-audit-log' ), 'invalidFile' => esc_html__( 'Filename cannot be added because it contains invalid characters.', 'wp-security-audit-log' ), 'invalidFileExt' => esc_html__( 'File extension cannot be added because it contains invalid characters.', 'wp-security-audit-log' ), 'invalidDir' => esc_html__( 'Directory cannot be added because it contains invalid characters.', 'wp-security-audit-log' ), 'remove' => esc_html__( 'Remove', 'wp-security-audit-log' ), 'saveSettingsChanges' => esc_html__( 'Please save any changes before switching tabs.', 'wp-security-audit-log' ), ); wp_localize_script( 'settings', 'wsal_data', $wsal_data ); wp_enqueue_script( 'settings' ); ?> check_ajax_request_is_valid( $get_array ); // Fetch users. $users = array(); foreach ( get_users() as $user ) { if ( strpos( $user->user_login, \sanitize_text_field( \wp_unslash( $get_array['term'] ) ) ) !== false ) { array_push( $users, $user->user_login ); } } echo wp_json_encode( $users ); exit; } /** * Method: Ajax Request handler for AjaxGetAllRoles. */ public function ajax_get_all_roles() { // Filter $_GET array for security. $get_array = filter_input_array( INPUT_GET ); $this->check_ajax_request_is_valid( $get_array ); // Get roles. $roles = array(); foreach ( get_editable_roles() as $role_name => $role_info ) { if ( strpos( $role_name, \sanitize_text_field( \wp_unslash( $get_array['term'] ) ) ) !== false ) { array_push( $roles, $role_name ); } } echo wp_json_encode( $roles ); exit; } /** * Create json array of all possible severities. * * @return void * @since 4.3.3 */ public function ajax_get_all_severities() { // Filter $_GET array for security. $get_array = filter_input_array( INPUT_GET ); $this->check_ajax_request_is_valid( $get_array ); $result = array_map( function ( $item ) { return ucfirst( strtolower( str_replace( 'WSAL_', '', $item ) ) ); }, array_keys( Constants::get_severities() ) ); echo $this->filter_values_for_searched_term( // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped $result, \sanitize_text_field( \wp_unslash( $get_array['term'] ) ) ); exit; } /** * Filters values to return ones matching the desired term. * * @param array $items_to_filter List of items to filter. * @param string $term Search term. * * @return string JSON encoded filtered list. */ public function filter_values_for_searched_term( $items_to_filter, $term ) { $result = array_filter( $items_to_filter, function ( $value ) use ( $term ) { return strpos( strtolower( $value ), strtolower( $term ) ) !== false; } ); $result = array_map( 'strval', $result ); return wp_json_encode( $result ); } /** * Create json array of all possible event types. * * @return void * @since 4.3.3 */ public function ajax_get_all_event_types() { // Filter $_GET array for security. $get_array = filter_input_array( INPUT_GET ); $this->check_ajax_request_is_valid( $get_array ); $event_types = Alert_Manager::get_event_type_data(); echo $this->filter_values_for_searched_term( array_values( $event_types ), \sanitize_text_field( \wp_unslash( $get_array['term'] ) ) ); exit; } /** * Create json array of all possible object types. * * @return void * @since 4.3.3 */ public function ajax_get_all_object_types() { // Filter $_GET array for security. $get_array = filter_input_array( INPUT_GET ); $this->check_ajax_request_is_valid( $get_array ); $event_objects = Alert_Manager::get_event_objects_data(); echo $this->filter_values_for_searched_term( array_values( $event_objects ), \sanitize_text_field( \wp_unslash( $get_array['term'] ) ) ); // phpcs:ignore exit; } /** * Create json array of all possible event IDs. * * @return void * @since 4.3.3 */ public function ajax_get_all_event_ids() { $get_array = filter_input_array( INPUT_GET ); $this->check_ajax_request_is_valid( $get_array ); $registered_alerts = Alert_Manager::get_alerts(); // $alerts = array(); // foreach ( $registered_alerts as $alert => $details ) { // $alerts[] = (string) $details->code; // } echo $this->filter_values_for_searched_term( array_keys( $registered_alerts ), \sanitize_text_field( \wp_unslash( $get_array['term'] ) ) ); exit; } /** * Method: Get CPTs ajax handle. * * @since 2.6.7 */ public function ajax_get_all_cpts() { // Filter $_GET array for security. $get_array = filter_input_array( INPUT_GET ); $this->check_ajax_request_is_valid( $get_array ); // Get custom post types. $custom_post_types = array(); $post_types = get_post_types( array( 'public' => false, ), 'names' ); // if we are running multisite and have networkwide cpt tracker get the // list from and merge to the post_types array. if ( WP_Helper::is_multisite() ) { $network_cpts = WP_Helper::get_network_data_list(); foreach ( $network_cpts as $cpt ) { $post_types[ $cpt ] = $cpt; } } $post_types = array_diff( $post_types, array( 'attachment', 'revision', 'nav_menu_item', 'customize_changeset', 'custom_css' ) ); foreach ( $post_types as $post_type ) { if ( strpos( $post_type, \sanitize_text_field( \wp_unslash( $get_array['term'] ) ) ) !== false ) { array_push( $custom_post_types, $post_type ); } } echo wp_json_encode( $custom_post_types ); exit; } /** * Method: Get statuses ajax handle. * * @since 5.0.0 */ public function ajax_get_all_stati() { // Filter $_GET array for security. $get_array = filter_input_array( INPUT_GET ); $this->check_ajax_request_is_valid( $get_array ); $post_stati = get_post_stati(); echo wp_json_encode( $post_stati ); exit; } /** * Checks if provided GET array is valid and bails if not. * * @param array $get_array Get data. */ public function check_ajax_request_is_valid( $get_array ) { // Die if user does not have permission to edit. if ( ! Settings_Helper::current_user_can( 'edit' ) ) { die( 'Access Denied.' ); } // Die if nonce verification failed. if ( ! wp_verify_nonce( $get_array['wsal_nonce'], 'wsal-exclude-nonce' ) ) { die( esc_html__( 'Nonce verification failed.', 'wp-security-audit-log' ) ); } } /** * Method: Reset plugin settings table. */ public function reset_settings() { // Die if user does not have permission to change settings. if ( ! Settings_Helper::current_user_can( 'edit' ) ) { wp_send_json_error( esc_html__( 'Access Denied.', 'wp-security-audit-log' ) ); } // Verify nonce. if ( empty( $_POST['nonce'] ) || ! wp_verify_nonce( \sanitize_text_field( \wp_unslash( $_POST['nonce'] ) ), 'wsal-reset-settings' ) ) { wp_send_json_error( esc_html__( 'Nonce Verification Failed.', 'wp-security-audit-log' ) ); } // Delete all settings. Settings_Helper::delete_all_settings(); // Log settings reset event. Alert_Manager::trigger_event( 6006 ); wp_send_json_success( esc_html__( 'Plugin settings have been reset.', 'wp-security-audit-log' ) ); } /** * Method: Purge plugin occurrence & meta tables. */ public function purge_activity() { // Die if user does not have permission to change settings. if ( ! Settings_Helper::current_user_can( 'edit' ) ) { wp_send_json_error( esc_html__( 'Access Denied.', 'wp-security-audit-log' ) ); } // Verify nonce. if ( empty( $_POST['nonce'] ) || ! wp_verify_nonce( \sanitize_text_field( \wp_unslash( $_POST['nonce'] ) ), 'wsal-purge-activity' ) ) { wp_send_json_error( esc_html__( 'Nonce Verification Failed.', 'wp-security-audit-log' ) ); } $total = Occurrences_Entity::count_records(); $result = Database_Manager::purge_activity(); if ( $result ) { // Log purge activity event. Alert_Manager::trigger_event( 6034, array( 'PurgedCount' => $total, ) ); wp_send_json_success( esc_html__( 'Tables has been reset.', 'wp-security-audit-log' ) ); } else { wp_send_json_error( esc_html__( 'Reset query failed.', 'wp-security-audit-log' ) ); } } /** * Renders table with retention related settings. */ public function render_retention_settings_table() { // Check if the retention settings are enforced from the MainWP master site. $enforced_settings = Plugin_Settings_Helper::get_mainwp_enforced_settings(); $retention_settings_enforced_by_mainwp = array_key_exists( 'pruning_enabled', $enforced_settings ); ?>
esc_html__( 'Days', 'wp-security-audit-log' ), 'months' => esc_html__( 'Months', 'wp-security-audit-log' ), 'years' => esc_html__( 'Years', 'wp-security-audit-log' ), ); // Check if pruning limit was enabled for backwards compatibility. if ( Settings_Helper::get_boolean_option_value( 'pruning-limit-e' ) ) { $nbld = true; $pruning_date = '6'; $pruning_unit = 'months'; Settings_Helper::set_pruning_date_settings( true, $pruning_date . ' ' . $pruning_unit, $pruning_unit ); Plugin_Settings_Helper::set_pruning_limit_enabled( false ); } ?> min="1" />

'; echo esc_html__( 'You can run the purging process now by clicking the button below.', 'wp-security-audit-log' ); ?>