From d8a6cc6eb2be499bcf2031a038255cef63726d69 Mon Sep 17 00:00:00 2001
From: Grzegorz Rola
Date: Sat, 4 Nov 2017 16:09:54 +0100
Subject: [PATCH 1/4] Ability to search in DB logs.
---
includes/admin/class-wc-admin-log-table-list.php | 4 ++++
includes/admin/views/html-admin-page-status-logs-db.php | 9 +++++++++
2 files changed, 13 insertions(+)
diff --git a/includes/admin/class-wc-admin-log-table-list.php b/includes/admin/class-wc-admin-log-table-list.php
index 6b350a5bc76..43624ec0581 100644
--- a/includes/admin/class-wc-admin-log-table-list.php
+++ b/includes/admin/class-wc-admin-log-table-list.php
@@ -334,6 +334,10 @@ class WC_Admin_Log_Table_List extends WP_List_Table {
$where_conditions[] = 'source = %s';
$where_values[] = wc_clean( $_REQUEST['source'] );
}
+ if ( ! empty( $_REQUEST['s'] ) ) {
+ $where_conditions[] = 'message like %s';
+ $where_values[] = '%' . wc_clean( $_REQUEST['s'] ) . '%';
+ }
if ( ! empty( $where_conditions ) ) {
return $wpdb->prepare( 'WHERE 1 = 1 AND ' . implode( ' AND ', $where_conditions ), $where_values );
diff --git a/includes/admin/views/html-admin-page-status-logs-db.php b/includes/admin/views/html-admin-page-status-logs-db.php
index c4b64377bda..3d25bd1d277 100644
--- a/includes/admin/views/html-admin-page-status-logs-db.php
+++ b/includes/admin/views/html-admin-page-status-logs-db.php
@@ -6,8 +6,17 @@ if ( ! defined( 'ABSPATH' ) ) {
exit;
}
+$s = '';
+if ( isset( $_REQUEST['s'] ) ) {
+ $s = wc_clean( $_REQUEST['s'] );
+}
?>
+ display(); ?>
From 4f4a3460a307de1f2e0938028e911bc72e22b32f Mon Sep 17 00:00:00 2001
From: Grzegorz Rola
Date: Mon, 6 Nov 2017 18:50:26 +0100
Subject: [PATCH 2/4] Security fix
---
includes/admin/class-wc-admin-log-table-list.php | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/includes/admin/class-wc-admin-log-table-list.php b/includes/admin/class-wc-admin-log-table-list.php
index 43624ec0581..9e5da83b96d 100644
--- a/includes/admin/class-wc-admin-log-table-list.php
+++ b/includes/admin/class-wc-admin-log-table-list.php
@@ -336,7 +336,8 @@ class WC_Admin_Log_Table_List extends WP_List_Table {
}
if ( ! empty( $_REQUEST['s'] ) ) {
$where_conditions[] = 'message like %s';
- $where_values[] = '%' . wc_clean( $_REQUEST['s'] ) . '%';
+ $s = wp_unslash( trim( $_REQUEST[ 's' ] ) );
+ $where_values[] = $wpdb->esc_like( $s );
}
if ( ! empty( $where_conditions ) ) {
From 0c9ad20986d4b0a570bba471e66d67a92cce90bd Mon Sep 17 00:00:00 2001
From: Grzegorz Rola
Date: Mon, 6 Nov 2017 19:10:33 +0100
Subject: [PATCH 3/4] wp_unslash() needs to always comes first
---
includes/admin/class-wc-admin-log-table-list.php | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/includes/admin/class-wc-admin-log-table-list.php b/includes/admin/class-wc-admin-log-table-list.php
index 9e5da83b96d..afc7f8a3e76 100644
--- a/includes/admin/class-wc-admin-log-table-list.php
+++ b/includes/admin/class-wc-admin-log-table-list.php
@@ -336,8 +336,7 @@ class WC_Admin_Log_Table_List extends WP_List_Table {
}
if ( ! empty( $_REQUEST['s'] ) ) {
$where_conditions[] = 'message like %s';
- $s = wp_unslash( trim( $_REQUEST[ 's' ] ) );
- $where_values[] = $wpdb->esc_like( $s );
+ $where_values[] = '%' . $wpdb->esc_like( wc_clean( wp_unslash( $_REQUEST['s'] ) ) ) . '%';
}
if ( ! empty( $where_conditions ) ) {
From 9ae73bcc448f82a331e8ab61495a4926245fb638 Mon Sep 17 00:00:00 2001
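Review bot: The `! empty( $_REQUEST['s'] )` guard on the line above the rewritten one still admits an array value (`s[]=x`): `wp_unslash()` and `wc_clean()` both map over arrays, so `$wpdb->esc_like()` receives an array and the request ends in a PHP warning (a TypeError on PHP 8) instead of an empty result. Tightening the guard to `if ( ! empty( $_REQUEST['s'] ) && is_string( $_REQUEST['s'] ) ) {` closes that, and the `$s` assignment in the view ([PATCH 4/4]) has the same gap. Since the order of the three calls is the point of this commit and 2/4 got it wrong, the `$where_values[]` line deserves a comment such as `// Unslash first, sanitize as text, then escape LIKE metacharacters; prepare() quotes the result.`. The leading `%` wildcard presumably forces a full scan of the log table, which is acceptable for an admin screen but worth a note too. The enclosing method continues outside the hunk.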
From: Grzegorz Rola
Date: Wed, 8 Nov 2017 17:02:08 +0100
Subject: [PATCH 4/4] wp_unslash() needs to always comes first
---
includes/admin/views/html-admin-page-status-logs-db.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/includes/admin/views/html-admin-page-status-logs-db.php b/includes/admin/views/html-admin-page-status-logs-db.php
index 3d25bd1d277..942d9ee77ec 100644
--- a/includes/admin/views/html-admin-page-status-logs-db.php
+++ b/includes/admin/views/html-admin-page-status-logs-db.php
@@ -8,7 +8,7 @@ if ( ! defined( 'ABSPATH' ) ) {
}
$s = '';
if ( isset( $_REQUEST['s'] ) ) {
- $s = wc_clean( $_REQUEST['s'] );
+ $s = wc_clean( wp_unslash( $_REQUEST['s'] ) );
}
?>