diff --git a/README.txt b/README.txt index 7402b8f..a6037a9 100644 --- a/README.txt +++ b/README.txt @@ -1,10 +1,10 @@ -=== Plugin Name === +=== Inspect HTTP Requests === Contributors: expresstechsoftware, webbdeveloper, sunnysoni, vanbom, eilandert Donate link: https://paypal.me/supportets -Tags: log, wp_http, requests, update checks, api, http_api_debug, pre_http_request, http_request_args +Tags: log, wp_http, requests, update checks, api Requires at least: 3.0.1 Tested up to: 6.5 -Stable tag: 1.0.7 +Stable tag: 1.0.8 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html @@ -66,8 +66,11 @@ define( 'inspect_http_requests_ignored_urls', [ == Screenshots == 1. The plugin menu is Available inside tools -= 1.0.6 = -* Support Wordpress 6.4.2 +== Changelog == + += 1.0.8 = + +* Updated functionality to retrieve the base URL and compare it with database entries. Manually added base URLs with runtime 0 are now ignored. Note: This functionality currently applies only to base URLs. * Sort the admin page on blocked url's and sort URL's on alphabet * Stop logging to database if administrator has manually added a matching base-url in the database. * Added option to block by default, define( 'inspect-http-requests-default-block', true ) in wp-config.php @@ -80,6 +83,10 @@ define( 'inspect_http_requests_ignored_urls', [ 'api', ]); + += 1.0.7 = +* Support WordPress 6.5 + = 1.0.4 = * Support WordPress 6.3 diff --git a/admin/class-inspect-http-requests-admin.php b/admin/class-inspect-http-requests-admin.php index 6d90910..3a3c547 100644 --- a/admin/class-inspect-http-requests-admin.php +++ b/admin/class-inspect-http-requests-admin.php @@ -148,12 +148,16 @@ public function ets_inspect_http_requests_capture_request( $response, $context, } $table_name = $this->table_name; - /* Try to get $default_block from wp_config.php */ - if (defined('inspect_http_requests_default_block')) { - if ( ( inspect_http_requests_default_block == true )||( inspect_http_requests_default_block == "1" ) ) { - $default_block = 1; - } else { $default_block = 0; } - } else { $default_block = 0; } + /* Try to get $default_block from wp_config.php */ + if ( defined( 'inspect_http_requests_default_block' ) ) { + if ( ( constant( 'inspect_http_requests_default_block' ) == true ) || ( constant( 'inspect_http_requests_default_block' ) == '1' ) ) { + $default_block = 1; + } else { + $default_block = 0; + } + } else { + $default_block = 0; + } $request_args = json_encode( $args ); $http_api_call_data = apply_filters( @@ -201,13 +205,13 @@ public function ets_inspect_http_requests_update_status_url() { $ets_checked = 0; } - $update_sql = $wpdb->prepare( " UPDATE `{$table_name}` SET `is_blocked` = %s WHERE `ID` =%d;" ,$ets_checked, $_POST['ets_url_id'] ); + $update_sql = $wpdb->prepare( " UPDATE `{$table_name}` SET `is_blocked` = %s WHERE `ID` =%d;", $ets_checked, $_POST['ets_url_id'] ); if ( $wpdb->query( $update_sql ) ) { - if ( $ets_checked === 1 && ets_inspect_http_request_get_blocked_url ( $_POST['ets_url_id'] ) ) { - $url_to_log = ets_inspect_http_request_get_blocked_url ( $_POST['ets_url_id'] ); + if ( $ets_checked === 1 && ets_inspect_http_request_get_blocked_url( $_POST['ets_url_id'] ) ) { + $url_to_log = ets_inspect_http_request_get_blocked_url( $_POST['ets_url_id'] ); ets_inspect_http_request_log_blocked_url( $url_to_log ); } - echo json_encode( ['re' => 'yes'] ); + echo json_encode( array( 're' => 'yes' ) ); } else { $wpdb->print_error(); } @@ -220,23 +224,24 @@ public function ets_inspect_http_requests_update_status_url() { * @since 1.0.0 */ public function ets_inspect_http_requests_ignore_specific_hostname( $data ) { - /* Try to get array $ignored_urls from wp.config.php */ - if ( defined( 'inspect_http_requests_ignored_urls' ) ) { - $ignored_urls = inspect_http_requests_ignored_urls; - } else { - /* Get the BASE-URL of our wordpress site and remove the scheme */ - $site_url = home_url(); - $url_parts = parse_url($site_url); - $url_base = $url_parts['host']; - /* Create $ignored_urls */ - $ignored_urls = [ $url_base, 'wordpress.org']; - } + /* Try to get array $ignored_urls from wp.config.php */ + if ( defined( 'inspect_http_requests_ignored_urls' ) ) { + $ignored_urls = constant( 'inspect_http_requests_ignored_urls' ); + + } else { + /* Get the BASE-URL of our WordPress site and remove the scheme */ + $site_url = home_url(); + $url_parts = parse_url( $site_url ); + $url_base = $url_parts['host']; + /* Create $ignored_urls */ + $ignored_urls = array( $url_base, 'wordpress.org' ); + } /* Loop through the ignorelist */ - foreach ($ignored_urls as $iu) { - if ( false !== strpos( $data['URL'], $iu ) ) { - return false; - } + foreach ( $ignored_urls as $iu ) { + if ( false !== strpos( $data['URL'], $iu ) ) { + return false; + } } if ( ets_inspect_http_request_check_duplicate_url( $data['URL'] ) ) { @@ -258,11 +263,11 @@ public function ets_inspect_http_requests_approved_requests( $preempt, $parsed_a if ( is_array( $list_urls ) && count( $list_urls ) > 0 ) { return new WP_Error( 'http_request_block', __( 'This request is not allowed', 'inspect-http-requests' ) ); } else { - return $preempt; - } - } + return $preempt; + } + } - public function ets_inspect_http_requests_get_runtime ( $args ) { + public function ets_inspect_http_requests_get_runtime( $args ) { $this->start_time = microtime( true ); return $args; } @@ -297,28 +302,33 @@ public function ets_inspect_http_requests_add_valid_url() { exit(); } - // Validate url - if ( filter_var( trim( $_POST['valid_url'] ) , FILTER_VALIDATE_URL ) === false ){ + // Validate url + if ( filter_var( trim( $_POST['valid_url'] ), FILTER_VALIDATE_URL ) === false ) { echo 'false'; exit(); } - /* Try to get $default_block from wp_config.php */ - if (defined('inspect_http_requests_default_block')) { - if ( ( inspect_http_requests_default_block == true )||( inspect_http_requests_default_block == "1" ) ) { - $default_block = 1; - } else { $default_block = 0; } - } else { $default_block = 0; } - - $http_api_call_data = apply_filters( 'ets_inspect_http_requests_ignore_hostname', array( - 'URL' => sanitize_url ( $_POST['valid_url'] ), - 'request_args' => '', - 'response' => '', - 'transport' => '', - 'runtime' => '', - 'date_added' => date('Y-m-d H:i:s'), - 'is_blocked' => $default_block, - ) ) ; + /* Try to get $default_block from wp_config.php */ + if ( defined( 'inspect_http_requests_default_block' ) ) { + if ( ( inspect_http_requests_default_block == true ) || ( inspect_http_requests_default_block == '1' ) ) { + $default_block = 1; + } else { + $default_block = 0; } + } else { + $default_block = 0; } + + $http_api_call_data = apply_filters( + 'ets_inspect_http_requests_ignore_hostname', + array( + 'URL' => sanitize_url( $_POST['valid_url'] ), + 'request_args' => '', + 'response' => '', + 'transport' => '', + 'runtime' => '', + 'date_added' => date( 'Y-m-d H:i:s' ), + 'is_blocked' => $default_block, + ) + ); if ( false !== $http_api_call_data ) { if ( ! $wpdb->insert( $table_name, $http_api_call_data ) ) { $wpdb->print_error(); @@ -328,10 +338,10 @@ public function ets_inspect_http_requests_add_valid_url() { exit(); } - public function ets_inspect_http_requests_delete_url (){ + public function ets_inspect_http_requests_delete_url() { global $wpdb; $table_name = $this->table_name; - + if ( ! current_user_can( 'administrator' ) ) { wp_send_json_error( 'You do not have sufficient rights', 403 ); exit(); @@ -341,16 +351,16 @@ public function ets_inspect_http_requests_delete_url (){ wp_send_json_error( 'You do not have sufficient rights', 403 ); exit(); } - $url_id = $_POST['url_id']; - $delete_sql = $wpdb->prepare( "DELETE FROM `{$table_name}` WHERE `ID` ='%d'; " , $url_id ); - if( $wpdb->query( $delete_sql ) ){ - echo ets_inspect_http_request_get_data(); - + $url_id = $_POST['url_id']; + $delete_sql = $wpdb->prepare( "DELETE FROM `{$table_name}` WHERE `ID` ='%d'; ", $url_id ); + if ( $wpdb->query( $delete_sql ) ) { + echo ets_inspect_http_request_get_data(); + } else { echo 'false'; } - + exit(); - + } } diff --git a/includes/class-inspect-http-requests.php b/includes/class-inspect-http-requests.php index dd59091..30463ba 100644 --- a/includes/class-inspect-http-requests.php +++ b/includes/class-inspect-http-requests.php @@ -57,7 +57,7 @@ public function __construct() { if ( defined( 'INSPECT_HTTP_REQUESTS_VERSION' ) ) { $this->version = INSPECT_HTTP_REQUESTS_VERSION; } else { - $this->version = '1.0.7'; + $this->version = '1.0.8'; } $this->plugin_name = 'inspect-http-requests'; diff --git a/includes/functions.php b/includes/functions.php index 0db8344..150e6ff 100644 --- a/includes/functions.php +++ b/includes/functions.php @@ -14,18 +14,18 @@ function ets_inspect_http_request_get_data( $search = false ) { $list_urls = $wpdb->get_results( $sql, ARRAY_A ); $table_list_urls = ''; foreach ( $list_urls as $list_url ) { - ( $list_url['is_blocked'] ) ? $cheked = "checked" : $cheked = '' ; - $table_list_urls .= ''; - $table_list_urls .= '' . $list_url['ID'] . ''; - $table_list_urls .= ''; - $table_list_urls .= '' . $list_url['URL'] . ''; - $table_list_urls .= '' . ets_format_json_request_args( $list_url['request_args'] ) . ''; - $table_list_urls .= '' . ets_format_json_response( $list_url['response'] ) . ''; - $table_list_urls .= '' . $list_url['transport'] . ''; - $table_list_urls .= '' . round ( (float)$list_url['runtime'] , 4 ) . ''; - $table_list_urls .= '' . get_date_from_gmt( $list_url['date_added'] , 'Y-m-d H:i:s' ) . ''; - $table_list_urls .= ''; - $table_list_urls .= ''; + ( $list_url['is_blocked'] ) ? $cheked = 'checked' : $cheked = ''; + $table_list_urls .= ''; + $table_list_urls .= '' . $list_url['ID'] . ''; + $table_list_urls .= ''; + $table_list_urls .= '' . $list_url['URL'] . ''; + $table_list_urls .= '' . ets_format_json_request_args( $list_url['request_args'] ) . ''; + $table_list_urls .= '' . ets_format_json_response( $list_url['response'] ) . ''; + $table_list_urls .= '' . $list_url['transport'] . ''; + $table_list_urls .= '' . round( (float) $list_url['runtime'], 4 ) . ''; + $table_list_urls .= '' . get_date_from_gmt( $list_url['date_added'], 'Y-m-d H:i:s' ) . ''; + $table_list_urls .= ''; + $table_list_urls .= ''; } return $table_list_urls; @@ -35,30 +35,30 @@ function ets_inspect_http_request_check_duplicate_url( $url ) { global $wpdb; $table_name = $wpdb->prefix . 'ets_wp_outbound_http_requests'; - /* - * Get the base url. Compare it in the database. - * If it's manually added it has runtime 0 and we want to ignore it. - * This works currently only with base urls - */ + /* + * Get the base url. Compare it in the database. + * If it's manually added it has runtime 0 and we want to ignore it. + * This works currently only with base urls + */ - $url_parts = parse_url($url); - $url_base = $url_parts['scheme'] . '://' . $url_parts['host']; - $sql_query = "SELECT count(`runtime`) AS c FROM `{$table_name}` WHERE LOWER(`URL`) = '" . strtolower( trim( $url_base ) ) . "' and runtime = '' ;"; - $result = $wpdb->get_results( $sql_query, ARRAY_A ); + $url_parts = parse_url( $url ); + $url_base = $url_parts['scheme'] . '://' . $url_parts['host']; + $sql_query = "SELECT count(`runtime`) AS c FROM `{$table_name}` WHERE LOWER(`URL`) = '" . strtolower( trim( $url_base ) ) . "' and runtime = '' ;"; + $result = $wpdb->get_results( $sql_query, ARRAY_A ); - if ( is_array( $result ) && isset( $result[0]['c'] ) && $result[0]['c'] >= 1 ) { - return true; - } + if ( is_array( $result ) && isset( $result[0]['c'] ) && $result[0]['c'] >= 1 ) { + return true; + } - $sql_query = "SELECT count(`ID`) AS c FROM `{$table_name}` WHERE LOWER(`URL`) = '" . strtolower( trim( $url ) ) . "' ;"; + $sql_query = "SELECT count(`ID`) AS c FROM `{$table_name}` WHERE LOWER(`URL`) = '" . strtolower( trim( $url ) ) . "' ;"; - $result = $wpdb->get_results( $sql_query, ARRAY_A ); + $result = $wpdb->get_results( $sql_query, ARRAY_A ); - if ( is_array( $result ) && isset( $result[0]['c'] ) && $result[0]['c'] >= 1 ) { - return true; - } + if ( is_array( $result ) && isset( $result[0]['c'] ) && $result[0]['c'] >= 1 ) { + return true; + } - return false; + return false; } function ets_inspect_http_request_log_blocked_url( $url ) { @@ -70,105 +70,118 @@ function ets_inspect_http_request_log_blocked_url( $url ) { function ets_inspect_http_request_get_blocked_url( $id ) { global $wpdb; $table_name = $wpdb->prefix . 'ets_wp_outbound_http_requests'; - $url_sql = "SELECT `URL` AS url FROM `{$table_name}` WHERE `ID` =" . $id . ";"; - $the_url = $wpdb->get_results( $url_sql , ARRAY_A ); - if( is_array( $the_url ) && isset( $the_url[0]['url'] ) ){ + $url_sql = "SELECT `URL` AS url FROM `{$table_name}` WHERE `ID` =" . $id . ';'; + $the_url = $wpdb->get_results( $url_sql, ARRAY_A ); + if ( is_array( $the_url ) && isset( $the_url[0]['url'] ) ) { return $the_url[0]['url']; } else { return false; - } + } } -function ets_get_formatted_json( $request_args, &$html='' ) { - -// if( is_object( json_decode ( $request_args ) ) ){ -// -// foreach( json_decode( $request_args) as $key => $value ) { -// if ( is_object( $value ) ) { -// ets_get_formatted_json( $value ,$html ); -// -// } else { -// if( is_array( $value ) ){ -// // -// } else{ -// $html .= '
' . $key . ':' . $value.'
'; -// } -// } -// } -// } -// return $html; +function ets_get_formatted_json( $request_args, &$html = '' ) { + + // if( is_object( json_decode ( $request_args ) ) ){ + // + // foreach( json_decode( $request_args) as $key => $value ) { + // if ( is_object( $value ) ) { + // ets_get_formatted_json( $value ,$html ); + // + // } else { + // if( is_array( $value ) ){ + // + // } else{ + // $html .= '
' . $key . ':' . $value.'
'; + // } + // } + // } + // } + // return $html; } -function ets_format_json_request_args ( $request_args ){ - +function ets_format_json_request_args( $request_args ) { + $request_args = json_decode( $request_args ); - if( ! is_object ( $request_args ) ) { + if ( ! is_object( $request_args ) ) { return; } - $reject_unsafe_urls = ( $request_args->reject_unsafe_urls ) ? 'true' : 'false'; - $blocking = ( $request_args->blocking ) ? 'true' : 'false'; - $compress = ( $request_args->compress ) ? 'true' : 'false'; - $decompress = ( $request_args->decompress ) ? 'true' : 'false'; - $sslverify = ( $request_args->sslverify ) ? 'true' : 'false'; - $stream = ( $request_args->stream ) ? 'true' : 'false'; - $filename = ( is_null( $request_args->filename ) ) ? 'Null' : $request_args->filename; - $limit_response_size = ( is_null( $request_args->limit_response_size ) ) ? 'Null' : $request_args->limit_response_size; - $_redirection = ( is_null( $request_args->_redirection ) ) ? 'Null' : $request_args->_redirection; - - $request_args_html = '