array(
'href' => true,
'target' => true,
),
);
echo wp_kses(
sprintf(
/* translators: Learn more link. */
esc_html__( 'By default only users with administrator role (single site) and super administrator role (multisite) can change the settings of the plugin. Though you can restrict the privileges to just your user - %s.', 'wp-security-audit-log' ),
'' . __( 'learn more', 'wp-security-audit-log' ) . ''
),
$allowed_tags
);
$restrict_settings = Plugin_Settings_Helper::get_restrict_plugin_setting();
?>
Upgrade to Premium to store the activity log data in an external database.', 'wp-security-audit-log' );
// phpcs:disable
// phpcs:enable
echo wp_kses( $retention_help_text, Plugin_Settings_Helper::get_allowed_html_tags() );
?>
factory reset the plugin. This means that all the configured settings will be reset to default and all email notifications, scheduled reports, external database / third party services connections, archiving and mirroring rule will be deleted. NOTE: the activity log data will not be purged. Use the setting below to purge the activity log.', 'wp-security-audit-log' ); // phpcs:ignore ?>
current_tab ) && 'advanced-settings' === $this->current_tab ) {
// Remodal styles.
wp_enqueue_style( 'wsal-remodal', WSAL_BASE_URL . 'css/remodal.css', array(), WSAL_VERSION );
wp_enqueue_style( 'wsal-remodal-theme', WSAL_BASE_URL . 'css/remodal-default-theme.css', array(), WSAL_VERSION );
}
?>
current_tab ) && 'advanced-settings' === $this->current_tab ) {
// Remodal script.
wp_enqueue_script(
'wsal-remodal-js',
WSAL_BASE_URL . 'js/remodal.min.js',
array(),
WSAL_VERSION,
true
);
}
// Register settings script.
wp_register_script(
'settings',
WSAL_BASE_URL . '/js/settings.js',
array(),
WSAL_VERSION,
true
);
// Passing nonce for security to JS file.
$wsal_data = array(
'wp_nonce' => wp_create_nonce( 'wsal-exclude-nonce' ),
'invalidURL' => esc_html__( 'The specified value is not a valid URL!', 'wp-security-audit-log' ),
'invalidCPT' => esc_html__( 'The specified value is not a valid post type!', 'wp-security-audit-log' ),
'invalidStatus' => esc_html__( 'The specified value is not a valid post status!', 'wp-security-audit-log' ),
'invalidIP' => esc_html__( 'The specified value is not a valid IP address!', 'wp-security-audit-log' ),
'invalidUser' => esc_html__( 'The specified value is not a user nor a role!', 'wp-security-audit-log' ),
'invalidFile' => esc_html__( 'Filename cannot be added because it contains invalid characters.', 'wp-security-audit-log' ),
'invalidFileExt' => esc_html__( 'File extension cannot be added because it contains invalid characters.', 'wp-security-audit-log' ),
'invalidDir' => esc_html__( 'Directory cannot be added because it contains invalid characters.', 'wp-security-audit-log' ),
'remove' => esc_html__( 'Remove', 'wp-security-audit-log' ),
'saveSettingsChanges' => esc_html__( 'Please save any changes before switching tabs.', 'wp-security-audit-log' ),
);
wp_localize_script( 'settings', 'wsal_data', $wsal_data );
wp_enqueue_script( 'settings' );
?>
check_ajax_request_is_valid( $get_array );
// Fetch users.
$users = array();
foreach ( get_users() as $user ) {
if ( strpos( $user->user_login, $get_array['term'] ) !== false ) {
array_push( $users, $user->user_login );
}
}
echo wp_json_encode( $users );
exit;
}
/**
* Method: Ajax Request handler for AjaxGetAllRoles.
*/
public function ajax_get_all_roles() {
// Filter $_GET array for security.
$get_array = filter_input_array( INPUT_GET );
$this->check_ajax_request_is_valid( $get_array );
// Get roles.
$roles = array();
foreach ( get_editable_roles() as $role_name => $role_info ) {
if ( strpos( $role_name, $get_array['term'] ) !== false ) {
array_push( $roles, $role_name );
}
}
echo wp_json_encode( $roles );
exit;
}
/**
* Create json array of all possible severities.
*
* @return void
* @since 4.3.3
*/
public function ajax_get_all_severities() {
// Filter $_GET array for security.
$get_array = filter_input_array( INPUT_GET );
$this->check_ajax_request_is_valid( $get_array );
$result = array_map(
function ( $item ) {
return ucfirst( strtolower( str_replace( 'WSAL_', '', $item ) ) );
},
array_keys( Constants::get_severities() )
);
echo $this->filter_values_for_searched_term( // phpcs:ignore
$result,
$get_array['term'] // phpcs:ignore
);
exit;
}
/**
* Filters values to return ones matching the desired term.
*
* @param array $items_to_filter List of items to filter.
* @param string $term Search term.
*
* @return string JSON encoded filtered list.
*/
public function filter_values_for_searched_term( $items_to_filter, $term ) {
$result = array_filter(
$items_to_filter,
function( $value ) use ( $term ) {
return strpos( strtolower( $value ), strtolower( $term ) ) !== false;
}
);
$result = array_map( 'strval', $result );
return wp_json_encode( $result );
}
/**
* Create json array of all possible event types.
*
* @return void
* @since 4.3.3
*/
public function ajax_get_all_event_types() {
// Filter $_GET array for security.
$get_array = filter_input_array( INPUT_GET );
$this->check_ajax_request_is_valid( $get_array );
$event_types = Alert_Manager::get_event_type_data();
echo $this->filter_values_for_searched_term( array_values( $event_types ), $get_array['term'] ); // phpcs:ignore
exit;
}
/**
* Create json array of all possible object types.
*
* @return void
* @since 4.3.3
*/
public function ajax_get_all_object_types() {
// Filter $_GET array for security.
$get_array = filter_input_array( INPUT_GET );
$this->check_ajax_request_is_valid( $get_array );
$event_objects = Alert_Manager::get_event_objects_data();
echo $this->filter_values_for_searched_term( array_values( $event_objects ), $get_array['term'] ); // phpcs:ignore
exit;
}
/**
* Create json array of all possible event IDs.
*
* @return void
* @since 4.3.3
*/
public function ajax_get_all_event_ids() {
$get_array = filter_input_array( INPUT_GET );
$this->check_ajax_request_is_valid( $get_array );
$registered_alerts = Alert_Manager::get_alerts();
// $alerts = array();
// foreach ( $registered_alerts as $alert => $details ) {
// $alerts[] = (string) $details->code;
// }
echo $this->filter_values_for_searched_term( array_keys( $registered_alerts ), $get_array['term'] ); // phpcs:ignore
exit;
}
/**
* Method: Get CPTs ajax handle.
*
* @since 2.6.7
*/
public function ajax_get_all_cpts() {
// Filter $_GET array for security.
$get_array = filter_input_array( INPUT_GET );
$this->check_ajax_request_is_valid( $get_array );
// Get custom post types.
$custom_post_types = array();
$post_types = get_post_types(
array(
'public' => false,
),
'names'
);
// if we are running multisite and have networkwide cpt tracker get the
// list from and merge to the post_types array.
if ( WP_Helper::is_multisite() && class_exists( '\WSAL\Multisite\NetworkWide\CPTsTracker' ) ) {
$network_cpts = \WSAL\Multisite\NetworkWide\CPTsTracker::get_network_data_list();
foreach ( $network_cpts as $cpt ) {
$post_types[ $cpt ] = $cpt;
}
}
$post_types = array_diff( $post_types, array( 'attachment', 'revision', 'nav_menu_item', 'customize_changeset', 'custom_css' ) );
foreach ( $post_types as $post_type ) {
if ( strpos( $post_type, $get_array['term'] ) !== false ) {
array_push( $custom_post_types, $post_type );
}
}
echo wp_json_encode( $custom_post_types );
exit;
}
/**
* Method: Get statuses ajax handle.
*
* @since 5.0.0
*/
public function ajax_get_all_stati() {
// Filter $_GET array for security.
$get_array = filter_input_array( INPUT_GET );
$this->check_ajax_request_is_valid( $get_array );
$post_stati = get_post_stati();
echo wp_json_encode( $post_stati );
exit;
}
/**
* Checks if provided GET array is valid and bails if not.
*
* @param array $get_array Get data.
*/
public function check_ajax_request_is_valid( $get_array ) {
// Die if user does not have permission to edit.
if ( ! Settings_Helper::current_user_can( 'edit' ) ) {
die( 'Access Denied.' );
}
// Die if nonce verification failed.
if ( ! wp_verify_nonce( $get_array['wsal_nonce'], 'wsal-exclude-nonce' ) ) {
die( esc_html__( 'Nonce verification failed.', 'wp-security-audit-log' ) );
}
}
/**
* Method: Reset plugin settings table.
*/
public function reset_settings() {
// Die if user does not have permission to change settings.
if ( ! Settings_Helper::current_user_can( 'edit' ) ) {
wp_send_json_error( esc_html__( 'Access Denied.', 'wp-security-audit-log' ) );
}
// Verify nonce.
if ( empty( $_POST['nonce'] ) || ! wp_verify_nonce( \sanitize_text_field( \wp_unslash( $_POST['nonce'] ) ), 'wsal-reset-settings' ) ) {
wp_send_json_error( esc_html__( 'Nonce Verification Failed.', 'wp-security-audit-log' ) );
}
// Delete all settings.
Settings_Helper::delete_all_settings();
// Log settings reset event.
Alert_Manager::trigger_event( 6006 );
wp_send_json_success( esc_html__( 'Plugin settings have been reset.', 'wp-security-audit-log' ) );
}
/**
* Method: Purge plugin occurrence & meta tables.
*/
public function purge_activity() {
// Die if user does not have permission to change settings.
if ( ! Settings_Helper::current_user_can( 'edit' ) ) {
wp_send_json_error( esc_html__( 'Access Denied.', 'wp-security-audit-log' ) );
}
// Verify nonce.
if ( empty( $_POST['nonce'] ) || ! wp_verify_nonce( \sanitize_text_field( \wp_unslash( $_POST['nonce'] ) ), 'wsal-purge-activity' ) ) {
wp_send_json_error( esc_html__( 'Nonce Verification Failed.', 'wp-security-audit-log' ) );
}
$result = Database_Manager::purge_activity();
if ( $result ) {
// Log purge activity event.
Alert_Manager::trigger_event( 6034 );
wp_send_json_success( esc_html__( 'Tables has been reset.', 'wp-security-audit-log' ) );
} else {
wp_send_json_error( esc_html__( 'Reset query failed.', 'wp-security-audit-log' ) );
}
}
/**
* Renders table with retention related settings.
*/
public function render_retention_settings_table() {
// Check if the retention settings are enforced from the MainWP master site.
$enforced_settings = Plugin_Settings_Helper::get_mainwp_enforced_settings();
$retention_settings_enforced_by_mainwp = array_key_exists( 'pruning_enabled', $enforced_settings );
?>
';
echo esc_html__( 'You can run the purging process now by clicking the button below.', 'wp-security-audit-log' );
?>