Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3005263

Timestamp:

12/04/2023 06:51:11 PM (2 years ago)

Author:

deryck

Message:

Addressed a security issue in the login failure process, preventing a potential exploit that could harm the website. This fix significantly enhances the overall safety and reliability of the plugin.

Location:

logdash-activity-log

Files:

: 165 added
: 3 edited

tags/1.1.3 (added)
tags/1.1.3/.gitignore (added)
tags/1.1.3/LICENSE.txt (added)
tags/1.1.3/README.txt (added)
tags/1.1.3/assets (added)
tags/1.1.3/assets/build (added)
tags/1.1.3/assets/build/index.asset.php (added)
tags/1.1.3/assets/build/index.css (added)
tags/1.1.3/assets/build/index.css.map (added)
tags/1.1.3/assets/build/index.js (added)
tags/1.1.3/assets/build/index.js.map (added)
tags/1.1.3/assets/img (added)
tags/1.1.3/assets/img/icon-logdash-white.svg (added)
tags/1.1.3/assets/src (added)
tags/1.1.3/assets/src/IpDetails.jsx (added)
tags/1.1.3/assets/src/index.js (added)
tags/1.1.3/assets/src/index.scss (added)
tags/1.1.3/composer.json (added)
tags/1.1.3/composer.lock (added)
tags/1.1.3/languages (added)
tags/1.1.3/languages/logdash-activity-log-es_ES.mo (added)
tags/1.1.3/languages/logdash-activity-log-es_ES.po (added)
tags/1.1.3/languages/logdash-activity-log.pot (added)
tags/1.1.3/logdash-activity-log.php (added)
tags/1.1.3/package-lock.json (added)
tags/1.1.3/package.json (added)
tags/1.1.3/src (added)
tags/1.1.3/src/API (added)
tags/1.1.3/src/API/Activation.php (added)
tags/1.1.3/src/API/DB.php (added)
tags/1.1.3/src/API/Event.php (added)
tags/1.1.3/src/API/EventMeta.php (added)
tags/1.1.3/src/API/RestEndpoints.php (added)
tags/1.1.3/src/Actions (added)
tags/1.1.3/src/Actions/RemoveExpiredLog.php (added)
tags/1.1.3/src/Actions/ResetLog.php (added)
tags/1.1.3/src/ActivityLog.php (added)
tags/1.1.3/src/Admin (added)
tags/1.1.3/src/Admin/EventsPage.php (added)
tags/1.1.3/src/Admin/EventsTable.php (added)
tags/1.1.3/src/Admin/InputTypes.php (added)
tags/1.1.3/src/Admin/Settings.php (added)
tags/1.1.3/src/EventCodes.php (added)
tags/1.1.3/src/EventTypes.php (added)
tags/1.1.3/src/Hooks (added)
tags/1.1.3/src/Hooks/Core.php (added)
tags/1.1.3/src/Hooks/Files.php (added)
tags/1.1.3/src/Hooks/HooksBase.php (added)
tags/1.1.3/src/Hooks/Meta.php (added)
tags/1.1.3/src/Hooks/Plugins.php (added)
tags/1.1.3/src/Hooks/Posts.php (added)
tags/1.1.3/src/Hooks/Settings.php (added)
tags/1.1.3/src/Hooks/Taxonomies.php (added)
tags/1.1.3/src/Hooks/Themes.php (added)
tags/1.1.3/src/Hooks/Users.php (added)
tags/1.1.3/src/Template (added)
tags/1.1.3/src/Template/Meta (added)
tags/1.1.3/src/Template/Meta/After.php (added)
tags/1.1.3/src/Template/Meta/Before.php (added)
tags/1.1.3/src/Template/Meta/Label.php (added)
tags/1.1.3/src/Template/Meta/LabelInterface.php (added)
tags/1.1.3/src/Template/Meta/Specification.php (added)
tags/1.1.3/src/Template/Meta/SpecificationInterface.php (added)
tags/1.1.3/src/Template/Meta/View.php (added)
tags/1.1.3/vendor (added)
tags/1.1.3/vendor/autoload.php (added)
tags/1.1.3/vendor/composer (added)
tags/1.1.3/vendor/composer/ClassLoader.php (added)
tags/1.1.3/vendor/composer/InstalledVersions.php (added)
tags/1.1.3/vendor/composer/LICENSE (added)
tags/1.1.3/vendor/composer/autoload_classmap.php (added)
tags/1.1.3/vendor/composer/autoload_namespaces.php (added)
tags/1.1.3/vendor/composer/autoload_psr4.php (added)
tags/1.1.3/vendor/composer/autoload_real.php (added)
tags/1.1.3/vendor/composer/autoload_static.php (added)
tags/1.1.3/vendor/composer/installed.json (added)
tags/1.1.3/vendor/composer/installed.php (added)
tags/1.1.3/views (added)
tags/1.1.3/views/admin (added)
tags/1.1.3/views/admin/events.template.php (added)
tags/1.1.3/views/admin/settings.template.php (added)
tags/1.1.3/webpack.config.js (added)
tags/1.1.4 (added)
tags/1.1.4/.gitignore (added)
tags/1.1.4/LICENSE.txt (added)
tags/1.1.4/README.txt (added)
tags/1.1.4/assets (added)
tags/1.1.4/assets/build (added)
tags/1.1.4/assets/build/index.asset.php (added)
tags/1.1.4/assets/build/index.css (added)
tags/1.1.4/assets/build/index.css.map (added)
tags/1.1.4/assets/build/index.js (added)
tags/1.1.4/assets/build/index.js.map (added)
tags/1.1.4/assets/img (added)
tags/1.1.4/assets/img/icon-logdash-white.svg (added)
tags/1.1.4/assets/src (added)
tags/1.1.4/assets/src/IpDetails.jsx (added)
tags/1.1.4/assets/src/index.js (added)
tags/1.1.4/assets/src/index.scss (added)
tags/1.1.4/composer.json (added)
tags/1.1.4/composer.lock (added)
tags/1.1.4/languages (added)
tags/1.1.4/languages/logdash-activity-log-es_ES.mo (added)
tags/1.1.4/languages/logdash-activity-log-es_ES.po (added)
tags/1.1.4/languages/logdash-activity-log.pot (added)
tags/1.1.4/logdash-activity-log.php (added)
tags/1.1.4/package-lock.json (added)
tags/1.1.4/package.json (added)
tags/1.1.4/src (added)
tags/1.1.4/src/API (added)
tags/1.1.4/src/API/Activation.php (added)
tags/1.1.4/src/API/DB.php (added)
tags/1.1.4/src/API/Event.php (added)
tags/1.1.4/src/API/EventMeta.php (added)
tags/1.1.4/src/API/RestEndpoints.php (added)
tags/1.1.4/src/Actions (added)
tags/1.1.4/src/Actions/RemoveExpiredLog.php (added)
tags/1.1.4/src/Actions/ResetLog.php (added)
tags/1.1.4/src/ActivityLog.php (added)
tags/1.1.4/src/Admin (added)
tags/1.1.4/src/Admin/EventsPage.php (added)
tags/1.1.4/src/Admin/EventsTable.php (added)
tags/1.1.4/src/Admin/InputTypes.php (added)
tags/1.1.4/src/Admin/Settings.php (added)
tags/1.1.4/src/EventCodes.php (added)
tags/1.1.4/src/EventTypes.php (added)
tags/1.1.4/src/Hooks (added)
tags/1.1.4/src/Hooks/Core.php (added)
tags/1.1.4/src/Hooks/Files.php (added)
tags/1.1.4/src/Hooks/HooksBase.php (added)
tags/1.1.4/src/Hooks/Meta.php (added)
tags/1.1.4/src/Hooks/Plugins.php (added)
tags/1.1.4/src/Hooks/Posts.php (added)
tags/1.1.4/src/Hooks/Settings.php (added)
tags/1.1.4/src/Hooks/Taxonomies.php (added)
tags/1.1.4/src/Hooks/Themes.php (added)
tags/1.1.4/src/Hooks/Users.php (added)
tags/1.1.4/src/Template (added)
tags/1.1.4/src/Template/Meta (added)
tags/1.1.4/src/Template/Meta/After.php (added)
tags/1.1.4/src/Template/Meta/Before.php (added)
tags/1.1.4/src/Template/Meta/Label.php (added)
tags/1.1.4/src/Template/Meta/LabelInterface.php (added)
tags/1.1.4/src/Template/Meta/Specification.php (added)
tags/1.1.4/src/Template/Meta/SpecificationInterface.php (added)
tags/1.1.4/src/Template/Meta/View.php (added)
tags/1.1.4/vendor (added)
tags/1.1.4/vendor/autoload.php (added)
tags/1.1.4/vendor/composer (added)
tags/1.1.4/vendor/composer/ClassLoader.php (added)
tags/1.1.4/vendor/composer/InstalledVersions.php (added)
tags/1.1.4/vendor/composer/LICENSE (added)
tags/1.1.4/vendor/composer/autoload_classmap.php (added)
tags/1.1.4/vendor/composer/autoload_namespaces.php (added)
tags/1.1.4/vendor/composer/autoload_psr4.php (added)
tags/1.1.4/vendor/composer/autoload_real.php (added)
tags/1.1.4/vendor/composer/autoload_static.php (added)
tags/1.1.4/vendor/composer/installed.json (added)
tags/1.1.4/vendor/composer/installed.php (added)
tags/1.1.4/views (added)
tags/1.1.4/views/admin (added)
tags/1.1.4/views/admin/events.template.php (added)
tags/1.1.4/views/admin/settings.template.php (added)
tags/1.1.4/webpack.config.js (added)
trunk/.gitignore (added)
trunk/README.txt (modified) (2 diffs)
trunk/logdash-activity-log.php (modified) (2 diffs)
trunk/src/Hooks/Users.php (modified) (4 diffs)

Legend:

: Unmodified
: Added
: Removed

logdash-activity-log/trunk/README.txt

-                      r2940115
+                      r3005263
 Tags: Activity Log, User Activity, User Log, Audit Log, Security, Tracking, WooCommerce, bbPress, GDPR,
 Requires at least: 5.9.5
 Tested up to: 6.2
+Tested up to: 6.4.1
 Requires PHP: 7.4
 Stable tag: 1.1.3
 …
 == Changelog ==
+= 1.1.4 =
+* Addressed a security issue in the login failure process, preventing a potential exploit that could harm the website. This fix significantly enhances the overall safety and reliability of the plugin.
+* Fixed some minor bugs that generated warnings in the logs.
 = 1.1.3 =
 * Performance improved while deleting old events

logdash-activity-log/trunk/logdash-activity-log.php

-                      r2940115
+                      r3005263
  * Plugin URI:        https://deryckoe.com/logdash-activity-log
  * Description:       The ultimate solution for tracking activities and security issues on your WordPress site.
  * Version:           1.1.3
+ * Version:           1.1.4
  * Author:            Deryck Oñate
  * Author URI:        http://deryckoe.com
 …
  * Currently plugin version.
  */
 define( 'LOGDASH_VERSION', '1.1.3' );
+define( 'LOGDASH_VERSION', '1.1.4' );
 /**

logdash-activity-log/trunk/src/Hooks/Users.php

-                      r2916051
+                      r3005263
         global $wpdb;
         $log_table = DB::log_table();
+        $log_table  = DB::log_table();
         $meta_table = DB::meta_table();
+        $user_query = "SELECT log.ID FROM {$log_table} AS log
+                        LEFT JOIN {$meta_table} AS meta ON meta.event_id = log.ID
+                        WHERE log.event_type = '{$failed_login}'
+                        AND meta.name = 'userLogin'
+                        AND meta.value = '{$user_login}'
+                        AND FROM_UNIXTIME(created, '%Y-%m-%d') = CURRENT_DATE()
+                        ORDER BY log.ID DESC LIMIT 1;";
+        $user_query = $wpdb->prepare( "SELECT log.ID FROM {$log_table} AS log
+                               LEFT JOIN {$meta_table} AS meta ON meta.event_id = log.ID
+                               WHERE log.event_type = %s
+                               AND meta.name = 'userLogin'
+                               AND meta.value = %s
+                               AND FROM_UNIXTIME(created, '%%Y-%%m-%%d') = CURRENT_DATE()
+                               ORDER BY log.ID DESC LIMIT 1;",
+            $failed_login, $user_login );
         $event_id = $wpdb->get_var( $user_query );
 …
             if ( false === $user ) {
                 $this->event
                     ->insert( EventTypes::FAILED_LOGIN, EventCodes::USER_LOGIN_FAIL, self::$object_type, self::$object_type, 0, 0, null )
 …
+        }
+        if ( is_int( $meta_value ) ) {
+            $meta_value = (string) $meta_value;
+        }
         $this->event
 …
                 new EventMeta( 'fieldName', $meta_key ),
                 new EventMeta( 'oldValue', $this->old_meta[ $meta_key ] ),
                 new EventMeta( 'newValue', $meta_value ),
+                new EventMeta( 'newValue',  $meta_value ),
                 new EventMeta( 'userLogin', $event_user->user_login ),
                 new EventMeta( 'firstName', $event_user->first_name ),

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory