'item', //singular name of the listed records 'plural' => 'items', //plural name of the listed records 'ajax' => false //does this table support ajax? )); } /** * Returns created column in datetime format as per user setting time zone. * * @param array $item - data for the columns on the current row * * @return string - the datetime */ public function column_created($item) { return AIOWPSecurity_Utility::convert_timestamp($item['created']); } public function column_default($item, $column_name) { return $item[$column_name]; } /** * Function to populate the permanent blocked ip actions column in the table * * @param array $item - Contains the current item data * * @return string */ public function column_id($item) { $actions = array( 'unblock' => 'Unblock', ); //Return the user_login contents return sprintf('%1$s %2$s', /*$1%s*/ $item['id'], /*$2%s*/ $this->row_actions($actions) ); } public function column_cb($item) { return sprintf( '', /*$1%s*/ $this->_args['singular'], //Let's simply repurpose the table's singular label /*$2%s*/ $item['id'] //The value of the checkbox should be the record's id ); } public function get_columns() { return array( 'cb' => '', //Render a checkbox 'id' => 'ID', 'blocked_ip' => __('Blocked IP', 'all-in-one-wp-security-and-firewall'), 'block_reason' => __('Reason', 'all-in-one-wp-security-and-firewall'), 'created' => __('Date and Time', 'all-in-one-wp-security-and-firewall') ); } public function get_sortable_columns() { return array( 'id' => array('id', false), 'blocked_ip' => array('blocked_ip', false), 'block_reason' => array('block_reason', false), 'created' => array('created', false) ); } public function get_bulk_actions() { return array( 'unblock' => __('Unblock', 'all-in-one-wp-security-and-firewall') ); } private function process_bulk_action() { // phpcs:disable WordPress.Security.NonceVerification.Recommended -- PCP warning. It IS the nonce. Ignore. if (empty($_REQUEST['_wpnonce']) || !isset($_REQUEST['_wp_http_referer'])) return; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput -- PCP warning. Ignore. $result = AIOWPSecurity_Utility_Permissions::check_nonce_and_user_cap($_REQUEST['_wpnonce'], 'bulk-items'); if (is_wp_error($result)) return; if ('unblock' === $this->current_action()) { // Process unlock bulk actions if (!isset($_REQUEST['item'])) { AIOS_Helper::set_message('aios_list_message', __('Please select some records using the checkboxes', 'all-in-one-wp-security-and-firewall'), 'error'); } else { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- PCP warning. Sanitized later $this->unblock_ip_address(wp_unslash($_REQUEST['item'])); } } // phpcs:enable WordPress.Security.NonceVerification.Recommended -- PCP warning. It IS the nonce. Ignore. } /** * Deletes one or more records from the AIOWPSEC_TBL_PERM_BLOCK table. * * @param array|string|integer $entries - ids or a single id * * @return void|string */ public function unblock_ip_address($entries) { global $wpdb, $aio_wp_security; if (is_array($entries)) { // multiple records $entries = array_filter($entries, 'is_numeric'); //discard non-numeric ID values $id_list = "(" . implode(",", $entries) . ")"; //Create comma separate list for DB operation $delete_command = "DELETE FROM " . AIOWPSEC_TBL_PERM_BLOCK . " WHERE id IN " . $id_list; // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- $id_list cannot be prepared. $result = $wpdb->query($delete_command); if ($result) { AIOS_Helper::set_message('aios_list_message', __('Successfully unblocked and deleted the selected record(s).', 'all-in-one-wp-security-and-firewall')); } else { // Error on bulk delete $aio_wp_security->debug_logger->log_debug('Database error occurred when deleting rows from Perm Block table. Database error: '.$wpdb->last_error, 4); AIOS_Helper::set_message('aios_list_message', __('Failed to unblock and delete the selected record(s).', 'all-in-one-wp-security-and-firewall'), 'error'); } } elseif (!empty($entries)) { //Delete single record $delete_command = "DELETE FROM " . AIOWPSEC_TBL_PERM_BLOCK . " WHERE id = %d"; // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery -- PCP error. Ignore. $result = $wpdb->query($wpdb->prepare($delete_command, absint($entries))); if (false === $result) { // Error on single delete $aio_wp_security->debug_logger->log_debug('Database error occurred when deleting rows from Perm Block table. Database error: '.$wpdb->last_error, 4); } return $result; } } /** * This function will build and return the SQL WHERE statement * * @param string $search_term - the search term applied * * @return string - the SQL WHERE statement */ private function get_permanent_blocked_ip_list_where_sql($search_term) { $where = ''; if (!empty($search_term)) { $where = " WHERE"; // We don't use FILTER_VALIDATE_IP here as we want to be able to search for partial IP's if (preg_match('/^[0-9a-f:\.]+$/i', $search_term)) { $where .= " `blocked_ip` LIKE '%".esc_sql($search_term)."%' OR"; } $where .= " `block_reason` LIKE '%".esc_sql($search_term)."%'"; $where .= " OR `country_origin` LIKE '%".esc_sql($search_term)."%'"; } return $where; } /** * Grabs the data from database and handles the pagination * * @param boolean $ignore_pagination - whether to not paginate * * @return void */ public function prepare_items($ignore_pagination = false) { /** * First, lets decide how many records per page to show */ $per_page = 100; $columns = $this->get_columns(); $hidden = array(); $sortable = $this->get_sortable_columns(); // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- PCP warning. No nonce. $search = isset($_REQUEST['s']) ? sanitize_text_field(wp_unslash($_REQUEST['s'])) : ''; $this->_column_headers = array($columns, $hidden, $sortable); $this->process_bulk_action(); global $wpdb; $block_table_name = AIOWPSEC_TBL_PERM_BLOCK; // Ordering parameters // Parameters that are going to be used to order the result // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- PCP warning. No nonce. $orderby = isset($_GET["orderby"]) ? sanitize_text_field(wp_unslash($_GET["orderby"])) : ''; // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- PCP warning. No nonce. $order = isset($_GET["order"]) ? sanitize_text_field(wp_unslash($_GET["order"])) : ''; $orderby = !empty($orderby) ? esc_sql($orderby) : 'id'; $order = !empty($order) ? esc_sql($order) : 'DESC'; $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable); $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1')); $current_page = $this->get_pagenum(); $offset = ($current_page - 1) * $per_page; $search_query = $this->get_permanent_blocked_ip_list_where_sql($search); // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.DirectDatabaseQuery -- PCP warning. Ignore. $total_items = $wpdb->get_var("SELECT COUNT(*) FROM {$block_table_name}{$search_query}"); if ($ignore_pagination) { // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.DirectDatabaseQuery -- PCP warning. Ignore. $data = $wpdb->get_results("SELECT * FROM {$block_table_name} {$search_query} ORDER BY $orderby$order", 'ARRAY_A'); } else { // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.DirectDatabaseQuery -- PCP warning. Ignore. $data = $wpdb->get_results("SELECT * FROM {$block_table_name}{$search_query} ORDER BY $orderby $order LIMIT $per_page OFFSET $offset", 'ARRAY_A'); } $this->items = $data; if ($ignore_pagination) return; $this->set_pagination_args(array( 'total_items' => $total_items, //WE have to calculate the total number of items 'per_page' => $per_page, //WE have to determine how many items to show on a page 'total_pages' => ceil($total_items / $per_page) //WE have to calculate the total number of pages )); } }