From c425a66a8dda43e66212f1b990db6e0bac806810 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 11 Dec 2024 18:30:43 +0000 Subject: [PATCH 01/25] chore(deps): update dependency @wordpress/eslint-plugin to v22 --- package-lock.json | 10 +++++----- package.json | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index 205dec3c7..7af54cf05 100644 --- a/package-lock.json +++ b/package-lock.json @@ -14,7 +14,7 @@ "@playwright/test": "^1.49.1", "@types/node": "^22.10.2", "@wordpress/e2e-test-utils-playwright": "^1.14.0", - "@wordpress/eslint-plugin": "^21.6.0", + "@wordpress/eslint-plugin": "^22.0.0", "@wordpress/scripts": "^30.7.0", "copy-webpack-plugin": "^12.0.2", "eslint-plugin-react-hooks": "^5.1.0", @@ -5065,9 +5065,9 @@ } }, "node_modules/@wordpress/eslint-plugin": { - "version": "21.6.0", - "resolved": "https://registry.npmjs.org/@wordpress/eslint-plugin/-/eslint-plugin-21.6.0.tgz", - "integrity": "sha512-jvPtrN7JaUc94Z/cMF4XrENfQPOHdEcmYSt97k5yKthPO4zfrb3OwxGlHwyTv0RqQ8MbqCsU8gNdbECUjFzBEA==", + "version": "22.0.0", + "resolved": "https://registry.npmjs.org/@wordpress/eslint-plugin/-/eslint-plugin-22.0.0.tgz", + "integrity": "sha512-Hh1sO9UV0IYI7D+F6EQnhvs2HAv4H0iBVZikXZKcPmQudlwgV2OWdNprdSe8IoRmpMqmhQ+gkaj9Gwk6NReGHQ==", "dev": true, "license": "GPL-2.0-or-later", "dependencies": { @@ -5097,7 +5097,7 @@ "@babel/core": ">=7", "eslint": ">=8", "prettier": ">=3", - "typescript": ">=4" + "typescript": ">=5" }, "peerDependenciesMeta": { "prettier": { diff --git a/package.json b/package.json index 93797298b..36f103e61 100644 --- a/package.json +++ b/package.json @@ -27,7 +27,7 @@ "@playwright/test": "^1.49.1", "@types/node": "^22.10.2", "@wordpress/e2e-test-utils-playwright": "^1.14.0", - "@wordpress/eslint-plugin": "^21.6.0", + "@wordpress/eslint-plugin": "^22.0.0", "@wordpress/scripts": "^30.7.0", "copy-webpack-plugin": "^12.0.2", "eslint-plugin-react-hooks": "^5.1.0", From a2add7a7eb2ed886abfae148aaec6e31634f03ce Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 22:49:51 +0000 Subject: [PATCH 02/25] chore(deps): bump cookie and express Bumps [cookie](https://github.com/jshttp/cookie) and [express](https://github.com/expressjs/express). These dependencies needed to be updated together. Updates `cookie` from 0.6.0 to 0.7.1 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](https://github.com/jshttp/cookie/compare/v0.6.0...v0.7.1) Updates `express` from 4.21.0 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](https://github.com/expressjs/express/compare/4.21.0...4.21.2) --- updated-dependencies: - dependency-name: cookie dependency-type: indirect - dependency-name: express dependency-type: indirect ... Signed-off-by: dependabot[bot] --- package-lock.json | 39 +++++++++++++++++++++------------------ 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/package-lock.json b/package-lock.json index 7fc715022..4f607eac3 100644 --- a/package-lock.json +++ b/package-lock.json @@ -7397,6 +7397,15 @@ "integrity": "sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg==", "dev": true }, + "node_modules/cookie": { + "version": "0.7.1", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.1.tgz", + "integrity": "sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w==", + "dev": true, + "engines": { + "node": ">= 0.6" + } + }, "node_modules/cookie-signature": { "version": "1.0.6", "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", @@ -9922,9 +9931,9 @@ "license": "MIT" }, "node_modules/express": { - "version": "4.21.0", - "resolved": "https://registry.npmjs.org/express/-/express-4.21.0.tgz", - "integrity": "sha512-VqcNGcj/Id5ZT1LZ/cfihi3ttTn+NJmkli2eZADigjq29qTlWi/hAQ43t/VLPq8+UX06FCEx3ByOYet6ZFblng==", + "version": "4.21.2", + "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz", + "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==", "dev": true, "dependencies": { "accepts": "~1.3.8", @@ -9932,7 +9941,7 @@ "body-parser": "1.20.3", "content-disposition": "0.5.4", "content-type": "~1.0.4", - "cookie": "0.6.0", + "cookie": "0.7.1", "cookie-signature": "1.0.6", "debug": "2.6.9", "depd": "2.0.0", @@ -9946,7 +9955,7 @@ "methods": "~1.1.2", "on-finished": "2.4.1", "parseurl": "~1.3.3", - "path-to-regexp": "0.1.10", + "path-to-regexp": "0.1.12", "proxy-addr": "~2.0.7", "qs": "6.13.0", "range-parser": "~1.2.1", @@ -9961,16 +9970,10 @@ }, "engines": { "node": ">= 0.10.0" - } - }, - "node_modules/express/node_modules/cookie": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz", - "integrity": "sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">= 0.6" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" } }, "node_modules/express/node_modules/debug": { @@ -16573,9 +16576,9 @@ "dev": true }, "node_modules/path-to-regexp": { - "version": "0.1.10", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.10.tgz", - "integrity": "sha512-7lf7qcQidTku0Gu3YDPc8DJ1q7OOucfa/BSsIwjuh56VU7katFvuM8hULfkwB3Fns/rsVF7PwPKVw1sl5KQS9w==", + "version": "0.1.12", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz", + "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==", "dev": true }, "node_modules/path-type": { From d89e68f92143f303d5c266d06d87ed8dcaa152fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Krzemin=CC=81ski?= Date: Wed, 18 Dec 2024 23:23:01 +0100 Subject: [PATCH 03/25] Use Woo built in method to get tax label --- connectors/class-connector-woocommerce.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/connectors/class-connector-woocommerce.php b/connectors/class-connector-woocommerce.php index 3a72128d2..d366919c1 100644 --- a/connectors/class-connector-woocommerce.php +++ b/connectors/class-connector-woocommerce.php @@ -619,14 +619,16 @@ public function callback_woocommerce_tax_rate_added( $tax_rate_id, $tax_rate ) { * @param array $tax_rate Tax Rate data. */ public function callback_woocommerce_tax_rate_updated( $tax_rate_id, $tax_rate ) { + $tax_rate_label = \WC_Tax::get_rate_label( $tax_rate_id ); + $this->log( - /* translators: %4$s: a tax rate name (e.g. "GST") */ + /* translators: %s: a tax rate name (e.g. "GST") */ _x( - '"%4$s" tax rate updated', + '"%s" tax rate updated', 'Tax rate name', 'stream' ), - $tax_rate, + array( $tax_rate_label ), $tax_rate_id, 'tax', 'updated' From 1bbb69711c17e7e235adc70c470d7f7dc2ac5d42 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Krzemin=CC=81ski?= Date: Thu, 19 Dec 2024 17:32:31 +0100 Subject: [PATCH 04/25] Use WC_Order_Factory to get order id --- connectors/class-connector-woocommerce.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/connectors/class-connector-woocommerce.php b/connectors/class-connector-woocommerce.php index 3a72128d2..20e8670cc 100644 --- a/connectors/class-connector-woocommerce.php +++ b/connectors/class-connector-woocommerce.php @@ -437,8 +437,8 @@ public function callback_deleted_post( $post_id ) { return; } - $order = new \WC_Order( $post->ID ); - $order_title = esc_html__( 'Order number', 'stream' ) . ' ' . esc_html( $order->get_order_number() ); + $order_id = \WC_Order_Factory::get_order_id( $post->ID ); + $order_title = esc_html__( 'Order number', 'stream' ) . ' ' . esc_html( $order_id ); $order_type_name = esc_html__( 'order', 'stream' ); $this->log( From d66e82e8624e80d0335ea6db4229d4a2f39293c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Krzemin=CC=81ski?= Date: Fri, 20 Dec 2024 16:03:01 +0100 Subject: [PATCH 05/25] Update argument type --- classes/class-connector.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/classes/class-connector.php b/classes/class-connector.php index 066baf9e3..a1584f667 100644 --- a/classes/class-connector.php +++ b/classes/class-connector.php @@ -146,12 +146,12 @@ public function action_links( $links, $record ) { /** * Log handler * - * @param string $message sprintf-ready error message string. - * @param array $args sprintf (and extra) arguments to use. - * @param int $object_id Target object id. - * @param string $context Context of the event. - * @param string $action Action of the event. - * @param int $user_id User responsible for the event. + * @param string $message sprintf-ready error message string. + * @param array $args sprintf (and extra) arguments to use. + * @param int|null $object_id Target object id (if any). + * @param string $context Context of the event. + * @param string $action Action of the event. + * @param int $user_id User responsible for the event. * * @return bool */ From c736511d0d6e397b9f8c00dc00eb94802031b3e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Krzemin=CC=81ski?= Date: Fri, 20 Dec 2024 16:07:03 +0100 Subject: [PATCH 06/25] Use different hook to track theme and plugin files changes --- connectors/class-connector-editor.php | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/connectors/class-connector-editor.php b/connectors/class-connector-editor.php index 8a1fd12e2..9a7df70cb 100644 --- a/connectors/class-connector-editor.php +++ b/connectors/class-connector-editor.php @@ -46,8 +46,8 @@ class Connector_Editor extends Connector { */ public function register() { parent::register(); - add_action( 'load-theme-editor.php', array( $this, 'get_edition_data' ) ); - add_action( 'load-plugin-editor.php', array( $this, 'get_edition_data' ) ); + + add_action( 'wp_ajax_edit-theme-plugin-file', array( $this, 'get_edition_data' ), 1 ); add_filter( 'wp_redirect', array( $this, 'log_changes' ) ); } @@ -187,31 +187,30 @@ public function action_links( $links, $record ) { } /** - * Retrieves data submitted on the screen, and prepares it for the appropriate context type + * Retrieves data submitted on the screen, prepares it for the appropriate context type and logs the changes * - * @action load-theme-editor.php - * @action load-plugin-editor.php + * @action wp_ajax_edit-theme-plugin-file */ public function get_edition_data() { - if ( - ( - isset( $_SERVER['REQUEST_METHOD'] ) - && - 'POST' !== sanitize_text_field( $_SERVER['REQUEST_METHOD'] ) - ) - || - 'update' !== wp_stream_filter_input( INPUT_POST, 'action' ) - ) { + $action = wp_stream_filter_input( INPUT_POST, 'action' ); + $request_method = wp_stream_filter_input( INPUT_SERVER, 'REQUEST_METHOD' ); + + if ( ( isset( $request_method ) && 'POST' !== $request_method ) || ( 'edit-theme-plugin-file' !== $action ) ) { return; } + $location = null; $theme_slug = wp_stream_filter_input( INPUT_POST, 'theme' ); + if ( $theme_slug ) { + $location = 'theme-editor.php'; $this->edited_file = $this->get_theme_data( $theme_slug ); } $plugin_slug = wp_stream_filter_input( INPUT_POST, 'plugin' ); + if ( $plugin_slug ) { + $location = 'plugin-editor.php'; $this->edited_file = $this->get_plugin_data( $plugin_slug ); } } From f6af654fbdc5531f187992be0345980e77994208 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Krzemin=CC=81ski?= Date: Fri, 20 Dec 2024 16:07:49 +0100 Subject: [PATCH 07/25] Log changes directly instead via hook --- connectors/class-connector-editor.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/connectors/class-connector-editor.php b/connectors/class-connector-editor.php index 9a7df70cb..1d8f9d89a 100644 --- a/connectors/class-connector-editor.php +++ b/connectors/class-connector-editor.php @@ -48,7 +48,6 @@ public function register() { parent::register(); add_action( 'wp_ajax_edit-theme-plugin-file', array( $this, 'get_edition_data' ), 1 ); - add_filter( 'wp_redirect', array( $this, 'log_changes' ) ); } /** @@ -213,6 +212,8 @@ public function get_edition_data() { $location = 'plugin-editor.php'; $this->edited_file = $this->get_plugin_data( $plugin_slug ); } + + $this->log_changes( $location ); } /** @@ -297,14 +298,12 @@ public function get_plugin_data( $slug ) { /** * Logs changes * - * @filter wp_redirect - * * @param string $location Location. */ public function log_changes( $location ) { if ( ! empty( $this->edited_file ) ) { // TODO: phpcs fix. - if ( md5_file( $this->edited_file['file_path'] ) !== $this->edited_file['file_md5'] ) { + if ( md5_file( $this->edited_file['file_path'] ) === $this->edited_file['file_md5'] ) { $context = $this->get_context( $location ); switch ( $context ) { From 873167d324c5482a2f5c4c56707ba3d515564640 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Krzemin=CC=81ski?= Date: Fri, 20 Dec 2024 16:08:21 +0100 Subject: [PATCH 08/25] Remove obsolete todo --- connectors/class-connector-editor.php | 1 - 1 file changed, 1 deletion(-) diff --git a/connectors/class-connector-editor.php b/connectors/class-connector-editor.php index 1d8f9d89a..022d38a56 100644 --- a/connectors/class-connector-editor.php +++ b/connectors/class-connector-editor.php @@ -302,7 +302,6 @@ public function get_plugin_data( $slug ) { */ public function log_changes( $location ) { if ( ! empty( $this->edited_file ) ) { - // TODO: phpcs fix. if ( md5_file( $this->edited_file['file_path'] ) === $this->edited_file['file_md5'] ) { $context = $this->get_context( $location ); From f9251eecbaa4c6cb17e593c3533d5d18178f6fcb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Krzemin=CC=81ski?= Date: Fri, 20 Dec 2024 16:09:09 +0100 Subject: [PATCH 09/25] Add missing types for log method --- connectors/class-connector-editor.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/connectors/class-connector-editor.php b/connectors/class-connector-editor.php index 022d38a56..ff6bc2c2a 100644 --- a/connectors/class-connector-editor.php +++ b/connectors/class-connector-editor.php @@ -300,7 +300,7 @@ public function get_plugin_data( $slug ) { * * @param string $location Location. */ - public function log_changes( $location ) { + public function log_changes( string $location ): string { if ( ! empty( $this->edited_file ) ) { if ( md5_file( $this->edited_file['file_path'] ) === $this->edited_file['file_md5'] ) { $context = $this->get_context( $location ); From d21d41000edfd6f2e2c361b02ca9ff1d9cfd3166 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Krzemin=CC=81ski?= Date: Fri, 20 Dec 2024 16:03:01 +0100 Subject: [PATCH 10/25] Update argument type --- classes/class-connector.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/classes/class-connector.php b/classes/class-connector.php index 066baf9e3..a1584f667 100644 --- a/classes/class-connector.php +++ b/classes/class-connector.php @@ -146,12 +146,12 @@ public function action_links( $links, $record ) { /** * Log handler * - * @param string $message sprintf-ready error message string. - * @param array $args sprintf (and extra) arguments to use. - * @param int $object_id Target object id. - * @param string $context Context of the event. - * @param string $action Action of the event. - * @param int $user_id User responsible for the event. + * @param string $message sprintf-ready error message string. + * @param array $args sprintf (and extra) arguments to use. + * @param int|null $object_id Target object id (if any). + * @param string $context Context of the event. + * @param string $action Action of the event. + * @param int $user_id User responsible for the event. * * @return bool */ From cbbf216ca699d7d1c374f30334ec3f84378ece1b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Krzemin=CC=81ski?= Date: Fri, 20 Dec 2024 16:07:03 +0100 Subject: [PATCH 11/25] Use different hook to track theme and plugin files changes --- connectors/class-connector-editor.php | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/connectors/class-connector-editor.php b/connectors/class-connector-editor.php index 8a1fd12e2..9a7df70cb 100644 --- a/connectors/class-connector-editor.php +++ b/connectors/class-connector-editor.php @@ -46,8 +46,8 @@ class Connector_Editor extends Connector { */ public function register() { parent::register(); - add_action( 'load-theme-editor.php', array( $this, 'get_edition_data' ) ); - add_action( 'load-plugin-editor.php', array( $this, 'get_edition_data' ) ); + + add_action( 'wp_ajax_edit-theme-plugin-file', array( $this, 'get_edition_data' ), 1 ); add_filter( 'wp_redirect', array( $this, 'log_changes' ) ); } @@ -187,31 +187,30 @@ public function action_links( $links, $record ) { } /** - * Retrieves data submitted on the screen, and prepares it for the appropriate context type + * Retrieves data submitted on the screen, prepares it for the appropriate context type and logs the changes * - * @action load-theme-editor.php - * @action load-plugin-editor.php + * @action wp_ajax_edit-theme-plugin-file */ public function get_edition_data() { - if ( - ( - isset( $_SERVER['REQUEST_METHOD'] ) - && - 'POST' !== sanitize_text_field( $_SERVER['REQUEST_METHOD'] ) - ) - || - 'update' !== wp_stream_filter_input( INPUT_POST, 'action' ) - ) { + $action = wp_stream_filter_input( INPUT_POST, 'action' ); + $request_method = wp_stream_filter_input( INPUT_SERVER, 'REQUEST_METHOD' ); + + if ( ( isset( $request_method ) && 'POST' !== $request_method ) || ( 'edit-theme-plugin-file' !== $action ) ) { return; } + $location = null; $theme_slug = wp_stream_filter_input( INPUT_POST, 'theme' ); + if ( $theme_slug ) { + $location = 'theme-editor.php'; $this->edited_file = $this->get_theme_data( $theme_slug ); } $plugin_slug = wp_stream_filter_input( INPUT_POST, 'plugin' ); + if ( $plugin_slug ) { + $location = 'plugin-editor.php'; $this->edited_file = $this->get_plugin_data( $plugin_slug ); } } From ae010250bc14e4ef389f893e8de6f08fae1958c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Krzemin=CC=81ski?= Date: Fri, 20 Dec 2024 16:07:49 +0100 Subject: [PATCH 12/25] Log changes directly instead via hook --- connectors/class-connector-editor.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/connectors/class-connector-editor.php b/connectors/class-connector-editor.php index 9a7df70cb..1d8f9d89a 100644 --- a/connectors/class-connector-editor.php +++ b/connectors/class-connector-editor.php @@ -48,7 +48,6 @@ public function register() { parent::register(); add_action( 'wp_ajax_edit-theme-plugin-file', array( $this, 'get_edition_data' ), 1 ); - add_filter( 'wp_redirect', array( $this, 'log_changes' ) ); } /** @@ -213,6 +212,8 @@ public function get_edition_data() { $location = 'plugin-editor.php'; $this->edited_file = $this->get_plugin_data( $plugin_slug ); } + + $this->log_changes( $location ); } /** @@ -297,14 +298,12 @@ public function get_plugin_data( $slug ) { /** * Logs changes * - * @filter wp_redirect - * * @param string $location Location. */ public function log_changes( $location ) { if ( ! empty( $this->edited_file ) ) { // TODO: phpcs fix. - if ( md5_file( $this->edited_file['file_path'] ) !== $this->edited_file['file_md5'] ) { + if ( md5_file( $this->edited_file['file_path'] ) === $this->edited_file['file_md5'] ) { $context = $this->get_context( $location ); switch ( $context ) { From 066cb81cbd92cf74584583feaa49fb4000f88eb7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Krzemin=CC=81ski?= Date: Fri, 20 Dec 2024 16:08:21 +0100 Subject: [PATCH 13/25] Remove obsolete todo --- connectors/class-connector-editor.php | 1 - 1 file changed, 1 deletion(-) diff --git a/connectors/class-connector-editor.php b/connectors/class-connector-editor.php index 1d8f9d89a..022d38a56 100644 --- a/connectors/class-connector-editor.php +++ b/connectors/class-connector-editor.php @@ -302,7 +302,6 @@ public function get_plugin_data( $slug ) { */ public function log_changes( $location ) { if ( ! empty( $this->edited_file ) ) { - // TODO: phpcs fix. if ( md5_file( $this->edited_file['file_path'] ) === $this->edited_file['file_md5'] ) { $context = $this->get_context( $location ); From a21ad93b65470a42ec1ac78eca036d21ea0cc7f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Krzemin=CC=81ski?= Date: Fri, 20 Dec 2024 16:09:09 +0100 Subject: [PATCH 14/25] Add missing types for log method --- connectors/class-connector-editor.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/connectors/class-connector-editor.php b/connectors/class-connector-editor.php index 022d38a56..ff6bc2c2a 100644 --- a/connectors/class-connector-editor.php +++ b/connectors/class-connector-editor.php @@ -300,7 +300,7 @@ public function get_plugin_data( $slug ) { * * @param string $location Location. */ - public function log_changes( $location ) { + public function log_changes( string $location ): string { if ( ! empty( $this->edited_file ) ) { if ( md5_file( $this->edited_file['file_path'] ) === $this->edited_file['file_md5'] ) { $context = $this->get_context( $location ); From 417385fabd345229f4ae2475efd54f9751b7e28c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Krzemin=CC=81ski?= Date: Fri, 20 Dec 2024 16:13:22 +0100 Subject: [PATCH 15/25] Revert "Add missing types for log method" This reverts commit f9251eecbaa4c6cb17e593c3533d5d18178f6fcb. --- connectors/class-connector-editor.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/connectors/class-connector-editor.php b/connectors/class-connector-editor.php index ff6bc2c2a..022d38a56 100644 --- a/connectors/class-connector-editor.php +++ b/connectors/class-connector-editor.php @@ -300,7 +300,7 @@ public function get_plugin_data( $slug ) { * * @param string $location Location. */ - public function log_changes( string $location ): string { + public function log_changes( $location ) { if ( ! empty( $this->edited_file ) ) { if ( md5_file( $this->edited_file['file_path'] ) === $this->edited_file['file_md5'] ) { $context = $this->get_context( $location ); From a2f88a6e620554c0a4f624581aeef3bc639a6ca6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Krzemin=CC=81ski?= Date: Fri, 20 Dec 2024 16:13:22 +0100 Subject: [PATCH 16/25] Revert "Remove obsolete todo" This reverts commit 873167d324c5482a2f5c4c56707ba3d515564640. --- connectors/class-connector-editor.php | 1 + 1 file changed, 1 insertion(+) diff --git a/connectors/class-connector-editor.php b/connectors/class-connector-editor.php index 022d38a56..1d8f9d89a 100644 --- a/connectors/class-connector-editor.php +++ b/connectors/class-connector-editor.php @@ -302,6 +302,7 @@ public function get_plugin_data( $slug ) { */ public function log_changes( $location ) { if ( ! empty( $this->edited_file ) ) { + // TODO: phpcs fix. if ( md5_file( $this->edited_file['file_path'] ) === $this->edited_file['file_md5'] ) { $context = $this->get_context( $location ); From 595aa5950f2aab567a129799ab4b91a81e294148 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Krzemin=CC=81ski?= Date: Fri, 20 Dec 2024 16:13:22 +0100 Subject: [PATCH 17/25] Revert "Log changes directly instead via hook" This reverts commit f6af654fbdc5531f187992be0345980e77994208. --- connectors/class-connector-editor.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/connectors/class-connector-editor.php b/connectors/class-connector-editor.php index 1d8f9d89a..9a7df70cb 100644 --- a/connectors/class-connector-editor.php +++ b/connectors/class-connector-editor.php @@ -48,6 +48,7 @@ public function register() { parent::register(); add_action( 'wp_ajax_edit-theme-plugin-file', array( $this, 'get_edition_data' ), 1 ); + add_filter( 'wp_redirect', array( $this, 'log_changes' ) ); } /** @@ -212,8 +213,6 @@ public function get_edition_data() { $location = 'plugin-editor.php'; $this->edited_file = $this->get_plugin_data( $plugin_slug ); } - - $this->log_changes( $location ); } /** @@ -298,12 +297,14 @@ public function get_plugin_data( $slug ) { /** * Logs changes * + * @filter wp_redirect + * * @param string $location Location. */ public function log_changes( $location ) { if ( ! empty( $this->edited_file ) ) { // TODO: phpcs fix. - if ( md5_file( $this->edited_file['file_path'] ) === $this->edited_file['file_md5'] ) { + if ( md5_file( $this->edited_file['file_path'] ) !== $this->edited_file['file_md5'] ) { $context = $this->get_context( $location ); switch ( $context ) { From b9bc8e67c4a0423046e3e92ac403076694346d09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Krzemin=CC=81ski?= Date: Fri, 20 Dec 2024 16:13:22 +0100 Subject: [PATCH 18/25] Revert "Use different hook to track theme and plugin files changes" This reverts commit c736511d0d6e397b9f8c00dc00eb94802031b3e0. --- connectors/class-connector-editor.php | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/connectors/class-connector-editor.php b/connectors/class-connector-editor.php index 9a7df70cb..8a1fd12e2 100644 --- a/connectors/class-connector-editor.php +++ b/connectors/class-connector-editor.php @@ -46,8 +46,8 @@ class Connector_Editor extends Connector { */ public function register() { parent::register(); - - add_action( 'wp_ajax_edit-theme-plugin-file', array( $this, 'get_edition_data' ), 1 ); + add_action( 'load-theme-editor.php', array( $this, 'get_edition_data' ) ); + add_action( 'load-plugin-editor.php', array( $this, 'get_edition_data' ) ); add_filter( 'wp_redirect', array( $this, 'log_changes' ) ); } @@ -187,30 +187,31 @@ public function action_links( $links, $record ) { } /** - * Retrieves data submitted on the screen, prepares it for the appropriate context type and logs the changes + * Retrieves data submitted on the screen, and prepares it for the appropriate context type * - * @action wp_ajax_edit-theme-plugin-file + * @action load-theme-editor.php + * @action load-plugin-editor.php */ public function get_edition_data() { - $action = wp_stream_filter_input( INPUT_POST, 'action' ); - $request_method = wp_stream_filter_input( INPUT_SERVER, 'REQUEST_METHOD' ); - - if ( ( isset( $request_method ) && 'POST' !== $request_method ) || ( 'edit-theme-plugin-file' !== $action ) ) { + if ( + ( + isset( $_SERVER['REQUEST_METHOD'] ) + && + 'POST' !== sanitize_text_field( $_SERVER['REQUEST_METHOD'] ) + ) + || + 'update' !== wp_stream_filter_input( INPUT_POST, 'action' ) + ) { return; } - $location = null; $theme_slug = wp_stream_filter_input( INPUT_POST, 'theme' ); - if ( $theme_slug ) { - $location = 'theme-editor.php'; $this->edited_file = $this->get_theme_data( $theme_slug ); } $plugin_slug = wp_stream_filter_input( INPUT_POST, 'plugin' ); - if ( $plugin_slug ) { - $location = 'plugin-editor.php'; $this->edited_file = $this->get_plugin_data( $plugin_slug ); } } From eb21a2f4fbbd8beb9f0a5d09a0de23b9ce17743b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Krzemin=CC=81ski?= Date: Fri, 20 Dec 2024 16:13:23 +0100 Subject: [PATCH 19/25] Revert "Update argument type" This reverts commit d66e82e8624e80d0335ea6db4229d4a2f39293c2. --- classes/class-connector.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/classes/class-connector.php b/classes/class-connector.php index a1584f667..066baf9e3 100644 --- a/classes/class-connector.php +++ b/classes/class-connector.php @@ -146,12 +146,12 @@ public function action_links( $links, $record ) { /** * Log handler * - * @param string $message sprintf-ready error message string. - * @param array $args sprintf (and extra) arguments to use. - * @param int|null $object_id Target object id (if any). - * @param string $context Context of the event. - * @param string $action Action of the event. - * @param int $user_id User responsible for the event. + * @param string $message sprintf-ready error message string. + * @param array $args sprintf (and extra) arguments to use. + * @param int $object_id Target object id. + * @param string $context Context of the event. + * @param string $action Action of the event. + * @param int $user_id User responsible for the event. * * @return bool */ From 26bc5c9d025766f12d84c473cf894cf62f813f09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Krzemin=CC=81ski?= Date: Fri, 20 Dec 2024 19:29:36 +0100 Subject: [PATCH 20/25] Replace WC_Order with WC_Order_Factory to get order ID --- connectors/class-connector-woocommerce.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/connectors/class-connector-woocommerce.php b/connectors/class-connector-woocommerce.php index 20e8670cc..8bf2508c2 100644 --- a/connectors/class-connector-woocommerce.php +++ b/connectors/class-connector-woocommerce.php @@ -396,8 +396,8 @@ public function callback_transition_post_status( $new_status, $old_status, $post $action = 'updated'; } - $order = new \WC_Order( $post->ID ); - $order_title = esc_html__( 'Order number', 'stream' ) . ' ' . esc_html( $order->get_order_number() ); + $order_id = \WC_Order_Factory::get_order_id( $post->ID ); + $order_title = esc_html__( 'Order number', 'stream' ) . ' ' . esc_html( $order_id ); $order_type_name = esc_html__( 'order', 'stream' ); $this->log( @@ -495,8 +495,8 @@ public function callback_woocommerce_order_status_changed( $order_id, $old_order 'stream' ); - $order = new \WC_Order( $order_id ); - $order_title = esc_html__( 'Order number', 'stream' ) . ' ' . esc_html( $order->get_order_number() ); + $order_id = \WC_Order_Factory::get_order( $order_id ); + $order_title = esc_html__( 'Order number', 'stream' ) . ' ' . esc_html( $order_id ); $order_type_name = esc_html__( 'order', 'stream' ); $this->log( From 682c7c80cc10336ce8f7b69a8b5cce685dc96900 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Krzemin=CC=81ski?= Date: Sat, 21 Dec 2024 18:24:14 +0100 Subject: [PATCH 21/25] Add data type check with fallback --- connectors/class-connector-wordpress-seo.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/connectors/class-connector-wordpress-seo.php b/connectors/class-connector-wordpress-seo.php index 7c52a0864..eb839d599 100644 --- a/connectors/class-connector-wordpress-seo.php +++ b/connectors/class-connector-wordpress-seo.php @@ -413,7 +413,10 @@ private function meta( $object_id, $meta_key, $meta_value ) { } $post = get_post( $object_id ); - $post_type_label = get_post_type_labels( get_post_type_object( $post->post_type ) )->singular_name; + $post_type_obj = get_post_type_object( $post->post_type ); + $post_type_label = is_object( $post_type_obj ) && isset( $post_type_obj->labels->singular_name ) + ? $post_type_obj->labels->singular_name + : $post->post_type; $this->log( sprintf( From 62039e5128401afcf34358d56537899f8d4ea012 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Krzemin=CC=81ski?= Date: Sat, 21 Dec 2024 18:25:02 +0100 Subject: [PATCH 22/25] Cast string for data provided tp log message --- connectors/class-connector-wordpress-seo.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/connectors/class-connector-wordpress-seo.php b/connectors/class-connector-wordpress-seo.php index eb839d599..5b12ef508 100644 --- a/connectors/class-connector-wordpress-seo.php +++ b/connectors/class-connector-wordpress-seo.php @@ -422,9 +422,9 @@ private function meta( $object_id, $meta_key, $meta_value ) { sprintf( /* translators: %1$s: a meta field title, %2$s: a post title, %3$s: a post type (e.g. "Description", "Hello World", "Post") */ __( 'Updated "%1$s" of "%2$s" %3$s', 'stream' ), - $this->escape_percentages( $field['title'] ), - $this->escape_percentages( $post->post_title ), - $this->escape_percentages( $post_type_label ) + $this->escape_percentages( (string) $field['title'] ), + $this->escape_percentages( (string) $post->post_title ), + $this->escape_percentages( (string) $post_type_label ) ), array( 'meta_key' => $meta_key, From f41e89ae4f49558abbac7e7c72bfac657026359f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Krzemin=CC=81ski?= Date: Mon, 23 Dec 2024 21:10:37 +0100 Subject: [PATCH 23/25] Don't log if location empty --- connectors/class-connector-editor.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/connectors/class-connector-editor.php b/connectors/class-connector-editor.php index ff6bc2c2a..615361529 100644 --- a/connectors/class-connector-editor.php +++ b/connectors/class-connector-editor.php @@ -213,6 +213,10 @@ public function get_edition_data() { $this->edited_file = $this->get_plugin_data( $plugin_slug ); } + if ( ! $location ) { + return; + } + $this->log_changes( $location ); } From c76e5b2b3f5f9f6eeb6cce1043f2ece157fb83f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Krzemin=CC=81ski?= Date: Mon, 23 Dec 2024 21:36:36 +0100 Subject: [PATCH 24/25] Check user capabilities first --- connectors/class-connector-editor.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/connectors/class-connector-editor.php b/connectors/class-connector-editor.php index 615361529..4e67e93d9 100644 --- a/connectors/class-connector-editor.php +++ b/connectors/class-connector-editor.php @@ -191,6 +191,10 @@ public function action_links( $links, $record ) { * @action wp_ajax_edit-theme-plugin-file */ public function get_edition_data() { + if ( ! current_user_can( 'edit_theme_options' ) ) { + return; + } + $action = wp_stream_filter_input( INPUT_POST, 'action' ); $request_method = wp_stream_filter_input( INPUT_SERVER, 'REQUEST_METHOD' ); From 697b10ed20a813119899dac3b7e6537230ceb7d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Krzemin=CC=81ski?= Date: Mon, 23 Dec 2024 21:36:54 +0100 Subject: [PATCH 25/25] Verify nonce for theme and plugin edits --- connectors/class-connector-editor.php | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/connectors/class-connector-editor.php b/connectors/class-connector-editor.php index 4e67e93d9..a85ca7437 100644 --- a/connectors/class-connector-editor.php +++ b/connectors/class-connector-editor.php @@ -197,21 +197,29 @@ public function get_edition_data() { $action = wp_stream_filter_input( INPUT_POST, 'action' ); $request_method = wp_stream_filter_input( INPUT_SERVER, 'REQUEST_METHOD' ); + $theme_slug = wp_stream_filter_input( INPUT_POST, 'theme' ); + $plugin_slug = wp_stream_filter_input( INPUT_POST, 'plugin' ); + $relative_file = wp_stream_filter_input( INPUT_POST, 'file' ); + + if ( ! empty( $theme_slug ) && ! check_admin_referer( 'edit-theme_' . $theme_slug . '_' . $relative_file, 'nonce' ) ) { + return; + } + + if ( ! empty( $plugin_slug ) && ! check_admin_referer( 'edit-plugin_' . $relative_file, 'nonce' ) ) { + return; + } if ( ( isset( $request_method ) && 'POST' !== $request_method ) || ( 'edit-theme-plugin-file' !== $action ) ) { return; } $location = null; - $theme_slug = wp_stream_filter_input( INPUT_POST, 'theme' ); if ( $theme_slug ) { $location = 'theme-editor.php'; $this->edited_file = $this->get_theme_data( $theme_slug ); } - $plugin_slug = wp_stream_filter_input( INPUT_POST, 'plugin' ); - if ( $plugin_slug ) { $location = 'plugin-editor.php'; $this->edited_file = $this->get_plugin_data( $plugin_slug );