Server IP : 172.67.157.199 / Your IP : 3.145.104.219 [ Web Server : Apache System : Linux b70eb322-3aee-0c53-7c82-0db91281f2c6.secureserver.net 6.1.90-1.el9.elrepo.x86_64 #1 SMP PREEMPT_DYNAMIC Thu May 2 12:09:22 EDT 2024 x86_64 User : root ( 0) PHP Version : 8.0.30.2 Disable Function : NONE Domains : 0 Domains MySQL : ON | cURL : ON | WGET : ON | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF Directory : /var/www/wp-content/plugins/defender-security/src/component/audit/ |
Upload File : |
<?php /** * Auditing changes to WordPress settings. * * @package WP_Defender\Component\Audit */ namespace WP_Defender\Component\Audit; use WP_Defender\Traits\User; use WP_Defender\Model\Audit_Log; /** * Handles changes to WordPress settings such as updating options and deleting options. */ class Options_Audit extends Audit_Event { use User; public const CONTEXT_SETTINGS = 'ct_setting'; /** * Returns an array of hooks that the audit system will listen to. * Specifically, it listens to the update_option hook to audit changes made to WordPress options. * * @return array[] */ public function get_hooks(): array { return array( 'update_option' => array( 'args' => array( 'option', 'old_value', 'value' ), 'callback' => array( self::class, 'process_options' ), 'event_type' => Audit_Log::EVENT_TYPE_SETTINGS, 'action_type' => self::ACTION_UPDATED, ), ); } /** * Processes the changes made to an option and generates an audit log entry if the option value has changed. * It serializes array values for comparison and uses a human-readable format for logging. * * @return bool|array */ public function process_options() { $args = func_get_args(); $option = $args[1]['option']; $old = $args[1]['old_value']; $new = $args[1]['value']; $option_human_read = self::key_to_human_name( $option ); // To avoid the recursive compare if both are nested array, convert all to string. $check1 = is_array( $old ) ? wp_json_encode( $old ) : $old; $check2 = is_array( $new ) ? wp_json_encode( $new ) : $new; if ( $check1 === $check2 ) { return false; } if ( false !== $option_human_read ) { $user_name = $this->get_user_display( get_current_user_id() ); $blog_name = is_multisite() ? '[' . get_bloginfo( 'name' ) . ']' : ''; // We will need special case for reader. switch ( $option ) { case 'users_can_register': if ( 0 === $new ) { $text = sprintf( /* translators: 1: Blog name, 2: User's display name */ esc_html__( '%1$s %2$s disabled site registration', 'defender-security' ), $blog_name, $user_name ); } else { $text = sprintf( /* translators: 1: Blog name, 2: User's display name */ esc_html__( '%1$s %2$s opened site registration', 'defender-security' ), $blog_name, $user_name ); } break; case 'start_of_week': global $wp_locale; $old_day = $wp_locale->get_weekday( $old ); $new_day = $wp_locale->get_weekday( $new ); $text = sprintf( /* translators: 1: Blog name, 2: User's display name, 3: Option: Week Starts On, 4: Old day, 5: New day */ esc_html__( '%1$s %2$s update option %3$s from %4$s to %5$s', 'defender-security' ), $blog_name, $user_name, $option_human_read, $old_day, $new_day ); break; case 'WPLANG': if ( '' !== $new ) { $text = sprintf( /* translators: 1: Blog name, 2: User's display name, 3: Option: Site Language, 4: New option value */ esc_html__( '%1$s %2$s update option %3$s to %4$s', 'defender-security' ), $blog_name, $user_name, $option_human_read, $new ); } else { $text = sprintf( /* translators: 1: Blog name, 2: User's display name, 3: Option: Site Language, 4: Old option value */ esc_html__( '%1$s %2$s update option %3$s from %4$s', 'defender-security' ), $blog_name, $user_name, $option_human_read, $old ); } break; default: $text = sprintf( /* translators: 1: Blog name, 2: User's display name, 3: Option label, 4: Old option value, 5: New option value */ esc_html__( '%1$s %2$s update option %3$s from %4$s to %5$s', 'defender-security' ), $blog_name, $user_name, $option_human_read, $old, $new ); break; } return array( $text, self::CONTEXT_SETTINGS ); } return false; } /** * Converts an option key to a human-readable name using a predefined list. If the key is not found in the list, it * returns the key itself. * * @param mixed $key The option key to convert. * * @return mixed */ private static function key_to_human_name( $key ) { $human_read = apply_filters( 'wd_audit_settings_keys', array( 'blogname' => esc_html__( 'Site Title', 'defender-security' ), 'blogdescription' => esc_html__( 'Tagline', 'defender-security' ), 'gmt_offset' => esc_html__( 'Timezone', 'defender-security' ), 'date_format' => esc_html__( 'Date Format', 'defender-security' ), 'time_format' => esc_html__( 'Time Format', 'defender-security' ), 'start_of_week' => esc_html__( 'Week Starts On', 'defender-security' ), 'timezone_string' => esc_html__( 'Timezone', 'defender-security' ), 'WPLANG' => esc_html__( 'Site Language', 'defender-security' ), 'siteurl' => esc_html__( 'WordPress Address (URL)', 'defender-security' ), 'home' => esc_html__( 'Site Address (URL)', 'defender-security' ), 'admin_email' => esc_html__( 'Email Address', 'defender-security' ), 'users_can_register' => esc_html__( 'Membership', 'defender-security' ), 'default_role' => esc_html__( 'New User Default Role', 'defender-security' ), 'default_pingback_flag' => esc_html__( 'Default article settings', 'defender-security' ), 'default_ping_status' => esc_html__( 'Default article settings', 'defender-security' ), 'default_comment_status' => esc_html__( 'Default article settings', 'defender-security' ), 'comments_notify' => esc_html__( 'Email me whenever', 'defender-security' ), 'moderation_notify' => esc_html__( 'Email me whenever', 'defender-security' ), 'comment_moderation' => esc_html__( 'Before a comment appears', 'defender-security' ), 'require_name_email' => esc_html__( 'Other comment settings', 'defender-security' ), 'comment_whitelist' => esc_html__( 'Before a comment appears', 'defender-security' ), 'comment_max_links' => esc_html__( 'Comment Moderation', 'defender-security' ), 'moderation_keys' => esc_html__( 'Comment Moderation', 'defender-security' ), 'blacklist_keys' => esc_html__( 'Comment Blocklist', 'defender-security' ), 'show_avatars' => esc_html__( 'Avatar Display', 'defender-security' ), 'avatar_rating' => esc_html__( 'Maximum Rating', 'defender-security' ), 'avatar_default' => esc_html__( 'Default Avatar', 'defender-security' ), 'close_comments_for_old_posts' => esc_html__( 'Other comment settings', 'defender-security' ), 'close_comments_days_old' => esc_html__( 'Other comment settings', 'defender-security' ), 'thread_comments' => esc_html__( 'Other comment settings', 'defender-security' ), 'thread_comments_depth' => esc_html__( 'Other comment settings', 'defender-security' ), 'page_comments' => esc_html__( 'Other comment settings', 'defender-security' ), 'comments_per_page' => esc_html__( 'Other comment settings', 'defender-security' ), 'default_comments_page' => esc_html__( 'Other comment settings', 'defender-security' ), 'comment_order' => esc_html__( 'Other comment settings', 'defender-security' ), 'comment_registration' => esc_html__( 'Other comment settings', 'defender-security' ), 'thumbnail_size_w' => esc_html__( 'Thumbnail size', 'defender-security' ), 'thumbnail_size_h' => esc_html__( 'Thumbnail size', 'defender-security' ), 'thumbnail_crop' => esc_html__( 'Thumbnail size', 'defender-security' ), 'medium_size_w' => esc_html__( 'Medium size', 'defender-security' ), 'medium_size_h' => esc_html__( 'Medium size', 'defender-security' ), 'medium_large_size_w' => esc_html__( 'Medium size', 'defender-security' ), 'medium_large_size_h' => esc_html__( 'Medium size', 'defender-security' ), 'large_size_w' => esc_html__( 'Large size', 'defender-security' ), 'large_size_h' => esc_html__( 'Large size', 'defender-security' ), 'image_default_size' => esc_html__( 'Default image size', 'defender-security' ), 'image_default_align' => esc_html__( 'Default image align', 'defender-security' ), 'image_default_link_type' => esc_html__( 'Default image link type', 'defender-security' ), 'uploads_use_yearmonth_folders' => esc_html__( 'Uploading Files', 'defender-security' ), 'posts_per_page' => esc_html__( 'Blog pages show at most', 'defender-security' ), 'posts_per_rss' => esc_html__( 'Syndication feeds show the most recent', 'defender-security' ), 'rss_use_excerpt' => esc_html__( 'For each article in a feed, show', 'defender-security' ), 'show_on_front' => esc_html__( 'Front page displays', 'defender-security' ), 'page_on_front' => esc_html__( 'Front page', 'defender-security' ), 'page_for_posts' => esc_html__( 'Posts page', 'defender-security' ), 'blog_public' => esc_html__( 'Search Engine Visibility', 'defender-security' ), 'default_category' => esc_html__( 'Default Post Category', 'defender-security' ), 'default_email_category' => esc_html__( 'Default Mail Category', 'defender-security' ), 'default_link_category' => esc_html__( 'Default Link Category', 'defender-security' ), 'default_post_format' => esc_html__( 'Default Post Format', 'defender-security' ), 'mailserver_url' => esc_html__( 'Mail Server', 'defender-security' ), 'mailserver_port' => esc_html__( 'Port', 'defender-security' ), 'mailserver_login' => esc_html__( 'Login Name', 'defender-security' ), 'mailserver_pass' => esc_html__( 'Password', 'defender-security' ), 'ping_sites' => esc_html__( 'Update Services', 'defender-security' ), 'permalink_structure' => esc_html__( 'Permalink Setting', 'defender-security' ), 'category_base' => esc_html__( 'Category base', 'defender-security' ), 'tag_base' => esc_html__( 'Tag base', 'defender-security' ), 'registrationnotification' => esc_html__( 'Registration notification', 'defender-security' ), 'registration' => esc_html__( 'Allow new registrations', 'defender-security' ), 'add_new_users' => esc_html__( 'Add New Users', 'defender-security' ), 'menu_items' => esc_html__( 'Enable administration menus', 'defender-security' ), 'upload_space_check_disabled' => esc_html__( 'Site upload space', 'defender-security' ), 'blog_upload_space' => esc_html__( 'Site upload space', 'defender-security' ), 'upload_filetypes' => esc_html__( 'Upload file types', 'defender-security' ), 'site_name' => esc_html__( 'Network Title', 'defender-security' ), 'first_post' => esc_html__( 'First Post', 'defender-security' ), 'first_page' => esc_html__( 'First Page', 'defender-security' ), 'first_comment' => esc_html__( 'First Comment', 'defender-security' ), 'first_comment_url' => esc_html__( 'First Comment URL', 'defender-security' ), 'first_comment_author' => esc_html__( 'First Comment Author', 'defender-security' ), 'welcome_email' => esc_html__( 'Welcome Email', 'defender-security' ), 'welcome_user_email' => esc_html__( 'Welcome User Email', 'defender-security' ), 'fileupload_maxk' => esc_html__( 'Max upload file size', 'defender-security' ), 'illegal_names' => esc_html__( 'Banned Names', 'defender-security' ), 'limited_email_domains' => esc_html__( 'Limited Email Registrations', 'defender-security' ), 'banned_email_domains' => esc_html__( 'Banned Email Domains', 'defender-security' ), ) ); if ( isset( $human_read[ $key ] ) ) { if ( empty( $human_read[ $key ] ) ) { return $key; } return $human_read[ $key ]; } return false; } /** * Provides a dictionary for translating audit contexts into human-readable formats. * * @return array */ public function dictionary(): array { return array( self::CONTEXT_SETTINGS => esc_html__( 'Settings', 'defender-security' ), ); } }