PK!AL6++wfAuditLogObserversPreview.phpnu„[µü¤_addObserver('user_register', function() use ($auditLog) { //User created self::_recordLocalEvent($auditLog, wfAuditLogObserversWordPressCoreUser::USER_CREATED); }); $auditLog->_addObserver('deleted_user', function() use ($auditLog) { //User deleted self::_recordLocalEvent($auditLog, wfAuditLogObserversWordPressCoreUser::USER_DELETED); }); $auditLog->_addObserver('wp_login', function() use ($auditLog) { //User logged in self::_recordLocalEvent($auditLog, wfAuditLogObserversWordPressCoreUser::USER_LOGGED_IN); }); $auditLog->_addObserver('after_password_reset', function() use ($auditLog) { //User password reset self::_recordLocalEvent($auditLog, wfAuditLogObserversWordPressCoreUser::USER_PASSWORD_RESET); }); $auditLog->_addObserver('set_auth_cookie', function() use ($auditLog) { //Auth cookie set self::_recordLocalEvent($auditLog, wfAuditLogObserversWordPressCoreUser::USER_AUTH_COOKIE_SET); }); $auditLog->_addObserver('add_user_role', function() use ($auditLog) { //User role assigned self::_recordLocalEvent($auditLog, wfAuditLogObserversWordPressCoreUser::USER_ROLE_ADDED); }); $auditLog->_addObserver('wp_create_application_password', function() use ($auditLog) { //User application password created self::_recordLocalEvent($auditLog, wfAuditLogObserversWordPressCoreUser::USER_APP_PASSWORD_CREATED); }); $auditLog->_addObserver('export_wp', function() use ($auditLog) { //Exported WP data self::_recordLocalEvent($auditLog, wfAuditLogObserversWordPressCoreSite::SITE_DATA_EXPORTED); }); $auditLog->_addObserver('update_option_default_role', function() use ($auditLog) { //Default role on user registration self::_recordLocalEvent($auditLog, wfAuditLogObserversWordPressCoreSite::SITE_OPTION_DEFAULT_ROLE); }); $auditLog->_addObserver('update_option_users_can_register', function() use ($auditLog) { //User registration allowed self::_recordLocalEvent($auditLog, wfAuditLogObserversWordPressCoreSite::SITE_OPTION_USER_REGISTRATION); }); $auditLog->_addObserver('update_option_siteurl', function() use ($auditLog) { //Site URL self::_recordLocalEvent($auditLog, wfAuditLogObserversWordPressCoreSite::SITE_OPTION_SITE_URL); }); $auditLog->_addObserver('update_option_home', function() use ($auditLog) { //Home URL self::_recordLocalEvent($auditLog, wfAuditLogObserversWordPressCoreSite::SITE_OPTION_HOME_URL); }); $auditLog->_addObserver('update_option_admin_email', function() use ($auditLog) { //Admin email self::_recordLocalEvent($auditLog, wfAuditLogObserversWordPressCoreSite::SITE_OPTION_ADMIN_EMAIL); }); $auditLog->_addObserver('update_option_default_comment_status', function() use ($auditLog) { //Default comment status self::_recordLocalEvent($auditLog, wfAuditLogObserversWordPressCoreSite::SITE_OPTION_DEFAULT_COMMENT_STATUS); }); $auditLog->_addObserver('update_option_template', function() use ($auditLog) { //Theme selected, this is the parent theme value self::_recordLocalEvent($auditLog, wfAuditLogObserversWordPressCoreSite::SITE_OPTION_TEMPLATE); }); $auditLog->_addObserver('update_option_stylesheet', function() use ($auditLog) { //Theme selected, this is the child theme value self::_recordLocalEvent($auditLog, wfAuditLogObserversWordPressCoreSite::SITE_OPTION_STYLESHEET); }); $auditLog->_addObserver('upgrader_post_install', function($response, $hook_extra, $result) use ($auditLog) { //Plugin/theme installed/updated if ($response && !is_wp_error($result)) { //Same flow as wfAuditLogObserversWordPressCoreSite->upgrader_post_install handler, which contains a data structure reference if (isset($hook_extra['action']) && isset($hook_extra['type']) && isset($result['source']) && isset($result['destination'])) { //Install if ($hook_extra['action'] == 'install') { if ($hook_extra['type'] == 'plugin') { self::_recordLocalEvent($auditLog, wfAuditLogObserversWordPressCoreSite::SITE_PLUGIN_INSTALLED); } else if ($hook_extra['type'] == 'theme') { self::_recordLocalEvent($auditLog, wfAuditLogObserversWordPressCoreSite::SITE_THEME_INSTALLED); } } } else if (isset($hook_extra['plugin']) && isset($result['source']) && isset($result['destination'])) { //Plugin update self::_recordLocalEvent($auditLog, wfAuditLogObserversWordPressCoreSite::SITE_UPDATE_PLUGIN); } else if (isset($hook_extra['theme']) && isset($result['source']) && isset($result['destination'])) { //Theme update self::_recordLocalEvent($auditLog, wfAuditLogObserversWordPressCoreSite::SITE_UPDATE_THEME); } } return $response; }, 'filter'); $auditLog->_addObserver('activated_plugin', function() use ($auditLog) { //Plugin activated self::_recordLocalEvent($auditLog, wfAuditLogObserversWordPressCoreSite::SITE_PLUGIN_ACTIVATED); }); $auditLog->_addObserver('deactivated_plugin', function() use ($auditLog) { //Plugin deactivated self::_recordLocalEvent($auditLog, wfAuditLogObserversWordPressCoreSite::SITE_PLUGIN_DEACTIVATED); }); $auditLog->_addObserver('deleted_plugin', function() use ($auditLog) { //Plugin deleted self::_recordLocalEvent($auditLog, wfAuditLogObserversWordPressCoreSite::SITE_PLUGIN_DELETED); }); $auditLog->_addObserver('switch_theme', function() use ($auditLog) { //Theme switched self::_recordLocalEvent($auditLog, wfAuditLogObserversWordPressCoreSite::SITE_THEME_SWITCHED); }); $auditLog->_addObserver('deleted_theme', function() use ($auditLog) { //Theme deleted self::_recordLocalEvent($auditLog, wfAuditLogObserversWordPressCoreSite::SITE_THEME_DELETED); }); $auditLog->_addObserver('customize_save_after', function() use ($auditLog) { //Theme customized self::_recordLocalEvent($auditLog, wfAuditLogObserversWordPressCoreSite::SITE_THEME_CUSTOMIZED); }); $auditLog->_addObserver('upgrader_process_complete', function($upgrader, $hook_extra) use ($auditLog) { //Core updated if (is_array($hook_extra) && isset($hook_extra['type']) && $hook_extra['type'] == 'core' && isset($hook_extra['action']) && $hook_extra['action'] == 'update') { self::_recordLocalEvent($auditLog, wfAuditLogObserversWordPressCoreSite::SITE_UPDATE_CORE); } }); $auditLog->_addObserver('automatic_updates_complete', function() use ($auditLog) { //Automatic updates complete self::_recordLocalEvent($auditLog, wfAuditLogObserversWordPressCoreSite::SITE_UPDATE_AUTOMATIC_COMPLETED); }); $auditLog->_addObserver('generate_recovery_mode_key', function() use ($auditLog) { //Recovery key generated self::_recordLocalEvent($auditLog, wfAuditLogObserversWordPressCoreSite::SITE_RECOVERY_MODE_KEY_GENERATED); }); $auditLog->_addObserver('wordfence_ls_2fa_deactivated', function() use ($auditLog) { //2FA deactivated on a user self::_recordLocalEvent($auditLog, wfAuditLogObserversWordfence::WORDFENCE_LS_2FA_DEACTIVATED); }); $auditLog->_addObserver('wordfence_ls_2fa_activated', function() use ($auditLog) { //2FA activated on a user self::_recordLocalEvent($auditLog, wfAuditLogObserversWordfence::WORDFENCE_LS_2FA_ACTIVATED); }); $auditLog->_addObserver('wordfence_waf_mode', function() use ($auditLog) { //WAF mode setting changed self::_recordLocalEvent($auditLog, wfAuditLogObserversWordfence::WORDFENCE_WAF_MODE_CHANGED); }); $auditLog->_addObserver('wordfence_waf_changed_rule_status', function() use ($auditLog) { //WAF rule mode(s) changed self::_recordLocalEvent($auditLog, wfAuditLogObserversWordfence::WORDFENCE_WAF_RULE_STATUS_CHANGED); }); $auditLog->_addObserver('wordfence_waf_changed_protection_level', function() use ($auditLog) { //WAF protection level changed self::_recordLocalEvent($auditLog, wfAuditLogObserversWordfence::WORDFENCE_WAF_PROTECTION_LEVEL_CHANGED); }); $auditLog->_addObserver('wordfence_waf_toggled_blocklist', function() use ($auditLog) { //WAF blocklist toggled on/off self::_recordLocalEvent($auditLog, wfAuditLogObserversWordfence::WORDFENCE_WAF_BLOCKLIST_TOGGLED); }); $auditLog->_addObserver('wordfence_updated_country_blocking', function() use ($auditLog) { //Country block changed self::_recordLocalEvent($auditLog, wfAuditLogObserversWordfence::WORDFENCE_BLOCKING_COUNTRY_UPDATED); }); $auditLog->_addObserver('wordfence_created_ip_pattern_block', function() use ($auditLog) { //IP or Pattern block created manually self::_recordLocalEvent($auditLog, wfAuditLogObserversWordfence::WORDFENCE_BLOCKING_IP_PATTERN_CREATED); }); $auditLog->_addObserver('wordfence_deleted_block', function() use ($auditLog) { //Block deleted manually self::_recordLocalEvent($auditLog, wfAuditLogObserversWordfence::WORDFENCE_BLOCKING_DELETED); }); } /** * Queues an audit event for saving to the local audit log preview. * * @param wfAuditLog $auditLog * @param string $type * @param int|null $timestamp */ private static function _recordLocalEvent($auditLog, $type, $timestamp = null) { if ($timestamp === null) { $timestamp = time(); } $recentEvents = $auditLog->_getState('disabledAuditLogRecentEvents', 0); if (empty($recentEvents)) { $recentEvents = array(); } array_unshift($recentEvents, array($type, $timestamp)); $auditLog->_trackState('disabledAuditLogRecentEvents', $recentEvents, 0); if (!$auditLog->_getState('disabledAuditLogDestructRegistered', 0)) { register_shutdown_function(function($auditLog) { self::_recentEventsLastAction($auditLog); }, $auditLog); //Wrapped in a closure because `register_shutdown_function` can't handle private static functions directly $auditLog->_trackState('disabledAuditLogDestructRegistered', true, 0); } } /** * Performed as a shutdown handler to save the recent events list. * * @param wfAuditLog $auditLog */ private static function _recentEventsLastAction($auditLog) { global $wpdb; $suppressed = $wpdb->suppress_errors(!(defined('WFWAF_DEBUG') && WFWAF_DEBUG)); $recentEvents = $auditLog->_getState('disabledAuditLogRecentEvents', 0); $auditLog->_updateAuditPreview(array($recentEvents)); $auditLog->_trackState('disabledAuditLogRecentEvents', array(), 0); $wpdb->suppress_errors($suppressed); } }PK!êt|$G$G+wfAuditLogObserversWordPressCoreContent.phpnu„[µü¤ array( self::ATTACHMENT_CREATED, self::ATTACHMENT_DELETED, self::ATTACHMENT_UPDATED, self::PAGE_CREATED, self::PAGE_DELETED, self::PAGE_UPDATED, self::PAGE_MARK_TRASHED, self::PAGE_UNMARK_TRASHED, self::POST_CREATED, self::POST_DELETED, self::POST_UPDATED, self::POST_MARK_TRASHED, self::POST_UNMARK_TRASHED, ), ); } public static function eventNames() { return array( self::ATTACHMENT_CREATED => __('Attachment Created', 'wordfence'), self::ATTACHMENT_DELETED => __('Attachment Deleted', 'wordfence'), self::ATTACHMENT_UPDATED => __('Attachment Updated', 'wordfence'), //Pages self::PAGE_CREATED => __('Page Created', 'wordfence'), self::PAGE_DELETED => __('Page Deleted', 'wordfence'), self::PAGE_UPDATED => __('Page Updated', 'wordfence'), self::PAGE_MARK_TRASHED => __('Page Moved to Trash', 'wordfence'), self::PAGE_UNMARK_TRASHED => __('Page Removed from Trash', 'wordfence'), //Posts self::POST_CREATED => __('Post Created', 'wordfence'), self::POST_DELETED => __('Post Deleted', 'wordfence'), self::POST_UPDATED => __('Post Updated', 'wordfence'), self::POST_MARK_TRASHED => __('Post Moved to Trash', 'wordfence'), self::POST_UNMARK_TRASHED => __('Post Removed from Trash', 'wordfence'), ); } public static function eventRateLimiters() { return array(); } /** * Registers the observers for this class's chunk of functionality. * * @param wfAuditLog $auditLog */ protected static function _registerObservers($auditLog) { if ($auditLog->mode() != self::AUDIT_LOG_MODE_ALL) { return; } //Attachments $auditLog->_addObserver('add_attachment', function($post_id) use ($auditLog) { //Attachment created $post = get_post($post_id); $auditLog->_recordAction(self::ATTACHMENT_CREATED, $auditLog->_sanitizePost($post)); }); $auditLog->_addObserver('attachment_updated', function($post_id, $post_after, $post_before) use ($auditLog) { //Attachment updated $changes = array_keys($auditLog->_postDiff($post_before, $post_after)); if (!$auditLog->_shouldRecordPostChanges($changes)) { //No meaningful changes to the record itself, skip this entry return; } $auditLog->_recordAction(self::ATTACHMENT_UPDATED, array_merge(array( 'changes' => $changes, ), $auditLog->_sanitizePost($post_after))); }); $auditLog->_addObserver('delete_attachment', function($post_id, $post = null /* WP >= 5.5 */) use ($auditLog) { //Attachment deleted if ($post === null) { $post = get_post($post_id); } $auditLog->_recordAction(self::ATTACHMENT_DELETED, $auditLog->_sanitizePost($post)); }); $auditLog->_addObserver('rest_after_insert_attachment', function($attachment, $request, $creating) use ($auditLog) { //Attachment added/updated via REST API, data already populated $auditLog->_recordAction($creating ? self::ATTACHMENT_CREATED : self::ATTACHMENT_UPDATED, array( 'source' => 'REST', ), true); }); $auditLog->_addObserver('rest_insert_attachment', function($attachment, $request, $creating) use ($auditLog) { //Attachment added/updated via REST API, data already populated $auditLog->_recordAction($creating ? self::ATTACHMENT_CREATED : self::ATTACHMENT_UPDATED, array( 'source' => 'REST', ), true); }); $auditLog->_addObserver('xmlrpc_call_success_mw_newMediaObject', function($id) use ($auditLog) { //Attachment added via XML-RPC API, data already populated $auditLog->_recordAction(self::ATTACHMENT_CREATED, array( 'source' => 'XMLRPC', ), true); }); //Post/Page $auditLog->_addObserver('wp_insert_post', function($post_id, $post /** @var WP_Post $post */, $update) use ($auditLog) { //Post/page created if (function_exists('wp_after_insert_post')) { //WP >= 5.6, prefer that hook when present return; } if ($post->post_type == self::WP_POST_TYPE_REVISION || $post->post_status == self::WP_POST_STATUS_AUTO_DRAFT || $post->post_type == self::WP_POST_TYPE_THEME_CUSTOMIZATION || $post->post_type == self::WP_POST_TYPE_NAV_MENU_ITEM) { //Ignore -- covered by other actions return; } if ($update) { $action = self::POST_UPDATED; if ($post->post_type == self::WP_POST_TYPE_PAGE) { $action = self::PAGE_UPDATED; } if ($auditLog->_hasState('pre_post_update.post', $post_id)) { $before = $auditLog->_getState('pre_post_update.post', $post_id); if (isset($before->post_status) && $before->post_status == self::WP_POST_STATUS_AUTO_DRAFT) { //Technically an update but really just converting the auto-draft into a populated post so call it a creation $action = self::POST_CREATED; if ($post->post_type == self::WP_POST_TYPE_PAGE) { $action = self::PAGE_CREATED; } } } } else { $action = self::POST_CREATED; if ($post->post_type == self::WP_POST_TYPE_PAGE) { $action = self::PAGE_CREATED; } } $auditLog->_recordAction($action, $auditLog->_sanitizePost($post)); }); $auditLog->_addObserver('post_updated', function($post_id, $post_after, $post_before) use ($auditLog) { //Post/page updated if (function_exists('wp_after_insert_post')) { //WP >= 5.6, prefer that hook when present return; } $changes = array_keys($auditLog->_postDiff($post_before, $post_after)); if (!$auditLog->_shouldRecordPostChanges($changes)) { //No meaningful changes to the record itself, skip this entry return; } if ($post_after->post_type == self::WP_POST_TYPE_REVISION || //Ignore -- relevant revision changes will be captured when they're saved to the owning post record ($post_before && $post_before->post_status == self::WP_POST_STATUS_AUTO_DRAFT) || $post_after->post_status == self::WP_POST_STATUS_AUTO_DRAFT || //Not interested in these until they become a post $post_after->post_type == self::WP_POST_TYPE_THEME_CUSTOMIZATION || $post_after->post_type == self::WP_POST_TYPE_NAV_MENU_ITEM //Not a type we care about ) { return; } $auditLog->_recordAction($post_after->post_type == self::WP_POST_TYPE_PAGE ? self::PAGE_UPDATED : self::POST_UPDATED, array_merge(array( 'changes' => $changes, ), $auditLog->_sanitizePost($post_after))); }); $auditLog->_addObserver('wp_after_insert_post' /* WP >= 5.6 */, function($post_id, $_ignored, $update, $post_before /** @var WP_Post $post_before */) use ($auditLog) { //Post/page created $post_after = get_post($post_id); if ($post_after->post_type == self::WP_POST_TYPE_REVISION || //Ignore -- relevant revision changes will be captured when they're saved to the owning post record $post_after->post_status == self::WP_POST_STATUS_AUTO_DRAFT || //Not interested in these until they become a permanent post $post_after->post_type == self::WP_POST_TYPE_THEME_CUSTOMIZATION || $post_after->post_type == self::WP_POST_TYPE_NAV_MENU_ITEM //Not a type we care about ) { return; } $changes = null; if ($post_before) { $changes = array_keys($auditLog->_postDiff($post_before, $post_after)); if (!$auditLog->_shouldRecordPostChanges($changes)) { //No meaningful changes to the record itself, skip this entry return; } } if ($update) { $action = self::POST_UPDATED; if ($post_after->post_type == self::WP_POST_TYPE_PAGE) { $action = self::PAGE_UPDATED; } if ($auditLog->_hasState('pre_post_update.post', $post_id)) { $before = $auditLog->_getState('pre_post_update.post', $post_id); if (isset($before->post_status) && $before->post_status == self::WP_POST_STATUS_AUTO_DRAFT) { //Technically an update but really just converting the auto-draft into a populated post so call it a creation $changes = null; $action = self::POST_CREATED; if ($post_after->post_type == self::WP_POST_TYPE_PAGE) { $action = self::PAGE_CREATED; } } } } else { $action = self::POST_CREATED; if ($post_after->post_type == self::WP_POST_TYPE_PAGE) { $action = self::PAGE_CREATED; } } $payload = $auditLog->_sanitizePost($post_after); if ($changes) { $payload['changes'] = $changes; } $auditLog->_recordAction($action, $payload); }); $auditLog->_addObserver('rest_after_insert_page', function($page, $request, $creating) use ($auditLog) { //Page created/updated via REST API, data already populated $auditLog->_recordAction($creating ? self::PAGE_CREATED : self::PAGE_UPDATED, array( 'source' => 'REST', ), true); }); $auditLog->_addObserver('rest_after_insert_post', function($post, $request, $creating) use ($auditLog) { //Post created/updated via REST API, data already populated $auditLog->_recordAction($creating ? self::POST_CREATED : self::POST_UPDATED, array( 'source' => 'REST', ), true); }); $auditLog->_addObserver(array('xmlrpc_call_success_blogger_newPost', 'xmlrpc_call_success_mw_newPost'), function($post_id) use ($auditLog) { //Page/Post added via XML-RPC API, data already populated $post = WP_Post::get_instance($post_id); if (!$post) { return; } $auditLog->_recordAction($post->post_type == self::WP_POST_TYPE_PAGE ? self::PAGE_CREATED : self::POST_CREATED, array( 'source' => 'XMLRPC', ), true); }); $auditLog->_addObserver('xmlrpc_call', function($action, $args = array() /* WP >= 5.7 */) use ($auditLog) { //Page/Post action via XML-RPC API, data already populated switch ($action) { case 'wp.newPost': if (!empty($args)) { //Not populated prior to WP 5.7 so omit this from the event (it will still record the rest, not not tagged as XML-RPC) $content_struct = $args[3]; if (!isset($content_struct['post_type'])) { $content_struct['post_type'] = 'post'; } //Apply the default $auditLog->_recordAction($content_struct['post_type'] == self::WP_POST_TYPE_PAGE ? self::PAGE_CREATED : self::POST_CREATED, array( 'source' => 'XMLRPC', ), true); } break; case 'wp.editPost': if (!empty($args)) { //Not populated prior to WP 5.7 so omit this from the event (it will still record the rest, not not tagged as XML-RPC) $post_id = (int) $args[3]; $post = WP_Post::get_instance($post_id); if (!$post) { return; } $auditLog->_recordAction($post->post_type == self::WP_POST_TYPE_PAGE ? self::PAGE_UPDATED : self::POST_UPDATED, array( 'source' => 'XMLRPC', ), true); } break; case 'wp.deletePost': if (!empty($args)) { //Not populated prior to WP 5.7 so omit this from the event (it will still record the rest, not not tagged as XML-RPC) $post_id = (int) $args[3]; $post = WP_Post::get_instance($post_id); if (!$post) { return; } $auditLog->_recordAction($post->post_type == self::WP_POST_TYPE_PAGE ? self::PAGE_DELETED : self::POST_DELETED, array( 'source' => 'XMLRPC', ), true); } break; case 'wp.newPage': if (!empty($args)) { //Not populated prior to WP 5.7 so omit this from the event (it will still record the rest, not not tagged as XML-RPC) $content_struct = $args[3]; if (!isset($content_struct['post_type'])) { $content_struct['post_type'] = 'post'; } //Apply the default $auditLog->_recordAction($content_struct['post_type'] == self::WP_POST_TYPE_PAGE ? self::PAGE_CREATED : self::POST_CREATED, array( 'source' => 'XMLRPC', ), true); } break; case 'wp.editPage': if (!empty($args)) { //Not populated prior to WP 5.7 so omit this from the event (it will still record the rest, not not tagged as XML-RPC) $post_id = (int) $args[1]; $post = WP_Post::get_instance($post_id); if (!$post) { return; } $auditLog->_recordAction($post->post_type == self::WP_POST_TYPE_PAGE ? self::PAGE_UPDATED : self::POST_UPDATED, array( 'source' => 'XMLRPC', ), true); } break; case 'mt.publishPost': if (!empty($args)) { //Not populated prior to WP 5.7 so omit this from the event (it will still record the rest, not not tagged as XML-RPC) $post_id = (int) $args[0]; $post = WP_Post::get_instance($post_id); if (!$post) { return; } $auditLog->_recordAction($post->post_type == self::WP_POST_TYPE_PAGE ? self::PAGE_UPDATED : self::POST_UPDATED, array( 'source' => 'XMLRPC', ), true); } break; } }); $auditLog->_addObserver(array('xmlrpc_call_success_blogger_editPost', 'xmlrpc_call_success_mw_editPost'), function($post_id) use ($auditLog) { //Page/Post updated via XML-RPC API, data already populated $post = WP_Post::get_instance($post_id); if (!$post) { return; } $auditLog->_recordAction($post->post_type == self::WP_POST_TYPE_PAGE ? self::PAGE_UPDATED : self::POST_UPDATED, array( 'source' => 'XMLRPC', ), true); }); $auditLog->_addObserver('deleted_post', function($post_id /** @var WP_Post $post also passed in WP > 5.5 */) use ($auditLog) { //Post/page deleted -- WP wraps a lot of functionality under the post storage type, so there are multiple events covered here if (!$auditLog->_hasState('delete_post.post')) { return; } $action = self::POST_DELETED; if ($auditLog->_getState('delete_post.post')['type'] == self::WP_POST_TYPE_PAGE) { $action = self::PAGE_DELETED; } $auditLog->_recordAction($action, $auditLog->_getState('delete_post.post')); }); $auditLog->_addObserver(array('xmlrpc_call_success_blogger_deletePost', 'xmlrpc_call_success_wp_deletePage'), function($post_id) use ($auditLog) { //Page/Post deleted via XML-RPC API, data already populated if (!$auditLog->_hasState('delete_post.post')) { return; } $auditLog->_recordAction($auditLog->_getState('delete_post.post')['type'] == self::WP_POST_TYPE_PAGE ? self::PAGE_CREATED : self::POST_CREATED, array( 'source' => 'XMLRPC', ), true); }); $auditLog->_addObserver('trashed_post', function($post_id) use ($auditLog) { //Post/page trashed $post = WP_Post::get_instance($post_id); if (!$post) { return; } if ($post->post_type == self::WP_POST_TYPE_REVISION || $post->post_type == self::WP_POST_TYPE_THEME_CUSTOMIZATION || $post->post_type == self::WP_POST_TYPE_NAV_MENU_ITEM) { //Ignore -- relevant revision changes will be captured when they're saved to the owning post record return; } $action = self::POST_MARK_TRASHED; if ($post->post_type == self::WP_POST_TYPE_PAGE) { $action = self::PAGE_MARK_TRASHED; } $auditLog->_recordAction($action, $auditLog->_sanitizePost($post)); }); $auditLog->_addObserver('untrashed_post', function($post_id) use ($auditLog) { //Post/page untrashed $post = WP_Post::get_instance($post_id); if (!$post) { return; } if ($post->post_type == self::WP_POST_TYPE_REVISION || $post->post_type == self::WP_POST_TYPE_THEME_CUSTOMIZATION || $post->post_type == self::WP_POST_TYPE_NAV_MENU_ITEM) { //Ignore -- relevant revision changes will be captured when they're saved to the owning post record return; } $action = self::POST_UNMARK_TRASHED; if ($post->post_type == self::WP_POST_TYPE_PAGE) { $action = self::PAGE_UNMARK_TRASHED; } $auditLog->_recordAction($action, $auditLog->_sanitizePost($post)); }); } /** * Registers the data gatherers for this class's chunk of functionality. * * @param wfAuditLog $auditLog */ protected static function _registerDataGatherers($auditLog) { $auditLog->_addObserver('delete_post', function($post_id /** @var WP_Post $post also passed in WP > 5.5 */) use ($auditLog) { //Post/page will be deleted $post = WP_Post::get_instance($post_id); if ($post) { if ($post->post_type == self::WP_POST_TYPE_ATTACHMENT) { $auditLog->_trackState('delete_post.attachment', $auditLog->_sanitizePost($post)); } else if ($post->post_type == self::WP_POST_TYPE_REVISION) { //Ignore -- relevant revision changes will be captured when they're saved to the owning post record } else if ($post->post_type == self::WP_POST_TYPE_THEME_CUSTOMIZATION) { //Ignore -- covered by a dedicated event } else if ($post->post_type == self::WP_POST_TYPE_NAV_MENU_ITEM) { //Ignore } else if ($post->post_status != self::WP_POST_STATUS_AUTO_DRAFT) { //Post, page, or a custom one that is not an auto-draft $auditLog->_trackState('delete_post.post', $auditLog->_sanitizePost($post)); //We grab this here so it's available in `deleted_post` for WP < 5.5 } } }); $auditLog->_addObserver('pre_post_update', function($post_id, $data) use ($auditLog) { //Post will be updated $auditLog->_trackState('pre_post_update.post', get_post($post_id), $post_id); }); } /** * Registers the coalescers for this class's chunk of functionality. * * @param wfAuditLog $auditLog */ protected static function _registerCoalescers($auditLog) { } }PK!a ´Ÿ11(wfAuditLogObserversWordPressCoreUser.phpnu„[µü¤ array( self::USER_CREATED, self::USER_DELETED, self::USER_UPDATED, self::USER_ROLE_ADDED, self::USER_ROLE_REMOVED, self::USER_META_CAPABILITIES, self::USER_META_LEVEL, self::USER_STATUS_HAM, self::USER_STATUS_SPAM, ), wfAuditLog::AUDIT_LOG_CATEGORY_AUTHENTICATION => array( self::USER_APP_PASSWORD_CREATED, self::USER_APP_PASSWORD_DELETED, self::USER_APP_PASSWORD_ACCEPTED, self::USER_LOGGED_IN, self::USER_LOGGED_OUT, self::USER_AUTH_COOKIE_SET, self::USER_PASSWORD_RESET, ), ); } public static function eventNames() { return array( self::USER_CREATED => __('User Created', 'wordfence'), self::USER_DELETED => __('User Deleted', 'wordfence'), self::USER_UPDATED => __('User Updated', 'wordfence'), self::USER_APP_PASSWORD_CREATED => __('App Password Created', 'wordfence'), self::USER_APP_PASSWORD_DELETED => __('App Password Deleted', 'wordfence'), self::USER_APP_PASSWORD_ACCEPTED => __('App Password Accepted', 'wordfence'), self::USER_LOGGED_IN => __('User Logged In', 'wordfence'), self::USER_LOGGED_OUT => __('User Logged Out', 'wordfence'), self::USER_AUTH_COOKIE_SET => __('Auth Cookie Set', 'wordfence'), self::USER_PASSWORD_RESET => __('Password Reset', 'wordfence'), self::USER_ROLE_ADDED => __('Role Added to User', 'wordfence'), self::USER_ROLE_REMOVED => __('Role Removed from User', 'wordfence'), self::USER_META_CAPABILITIES => __('User Capabilities Meta Value Changed', 'wordfence'), self::USER_META_LEVEL => __('User Level Meta Value Changed', 'wordfence'), self::USER_STATUS_HAM => __('User Unmarked as Spam', 'wordfence'), self::USER_STATUS_SPAM => __('User Marked as Spam', 'wordfence'), ); } public static function eventRateLimiters() { return array(); } /** * Registers the observers for this class's chunk of functionality. * * @param wfAuditLog $auditLog */ protected static function _registerObservers($auditLog) { $auditLog->_addObserver('init', function() use ($auditLog) { self::$initialUserID = get_current_user_id(); }); $auditLog->_addObserver('user_register', function($user_id, $userdata = null /* added WP 5.8.0 */) use ($auditLog) { //User created $auditLog->_recordAction(self::USER_CREATED, $auditLog->_sanitizeUserdata($userdata, $user_id)); }); $auditLog->_addObserver('profile_update', function($user_id, $old_user_data, $userdata = null /* added WP 5.8.0 */) use ($auditLog) { //User edited if ($userdata === null && $user_id !== null) { //May hit this on older WP versions where $userdata wasn't populated by the hook call $userdata = get_user_by('ID', $user_id); } $changes = array_keys($auditLog->_userdataDiff($old_user_data, $userdata)); if (empty($changes)) { //No actual changes to the record itself, just to usermeta so skip this entry return; } $auditLog->_recordAction(self::USER_UPDATED, array_merge(array( 'changed' => $changes, ), $auditLog->_sanitizeUserdata($userdata, $user_id))); }); $auditLog->_addObserver('rest_insert_user', function($user, $request, $creating) use ($auditLog) { //User created/updated via REST API, userdata already populated $auditLog->_recordAction($creating ? self::USER_CREATED : self::USER_UPDATED, array( 'source' => 'REST', ), true); }); $auditLog->_addObserver('deleted_user', function($user_id, $reassign_id) use ($auditLog) { //User deleted if ($auditLog->_hasState('delete_user.user')) { $auditLog->_recordAction(self::USER_DELETED, array_merge(array( 'reassigned' => $reassign_id, ), $auditLog->_sanitizeUserdata($auditLog->_getState('delete_user.user'), $user_id))); } }); $auditLog->_addObserver('rest_delete_user', function($user, $response, $request) use ($auditLog) { //User deleted via REST API, userdata already populated $auditLog->_recordAction(self::USER_DELETED, array( 'source' => 'REST', ), true); }); $auditLog->_addObserver('wp_login', function($user_login, $user) use ($auditLog) { //User logged in $auditLog->_recordAction(self::USER_LOGGED_IN, $auditLog->_sanitizeUserdata($user)); }); $auditLog->_addObserver('wp_logout', function($user_id = 0) use ($auditLog) { //User logged out if ($user_id == 0) { $user_id = self::$initialUserID; } $user = get_user_by('ID', $user_id); $auditLog->_recordAction(self::USER_LOGGED_OUT, $auditLog->_sanitizeUserdata($user)); }); $auditLog->_addObserver('after_password_reset', function($user, $new_pass) use ($auditLog) { //User password reset $auditLog->_recordAction(self::USER_PASSWORD_RESET, $auditLog->_sanitizeUserdata($user)); }); $auditLog->_addObserver('set_auth_cookie', function($auth_cookie, $expire, $expiration, $user_id, $scheme) use ($auditLog) { //Auth cookie set $user = get_user_by('ID', $user_id); $auditLog->_recordAction(self::USER_AUTH_COOKIE_SET, array( 'grace_expiration' => $expire, 'expiration' => $expiration, 'scheme' => $scheme, 'user' => $auditLog->_sanitizeUserdata($user), )); }); $auditLog->_addObserver('add_user_role', function($user_id, $new_role) use ($auditLog) { //User role assigned $user = get_user_by('ID', $user_id); $auditLog->_recordAction(self::USER_ROLE_ADDED, array_merge(array( 'role_added' => $new_role, ), $auditLog->_sanitizeUserdata($user))); }); $auditLog->_addObserver('remove_user_role', function($user_id, $removed_role) use ($auditLog) { //User role assigned $user = get_user_by('ID', $user_id); $auditLog->_recordAction(self::USER_ROLE_REMOVED, array_merge(array( 'role_removed' => $removed_role, ), $auditLog->_sanitizeUserdata($user))); }); $auditLog->_addObserver('make_spam_user', function($user_id) use ($auditLog) { //User marked as spam $user = get_user_by('ID', $user_id); $auditLog->_recordAction(self::USER_STATUS_SPAM, $auditLog->_sanitizeUserdata($user)); }); $auditLog->_addObserver('make_ham_user', function($user_id) use ($auditLog) { //User unmarked as spam $user = get_user_by('ID', $user_id); $auditLog->_recordAction(self::USER_STATUS_HAM, $auditLog->_sanitizeUserdata($user)); }); $auditLog->_addObserver('wp_create_application_password', function($user_id, $new_item, $new_password, $args) use ($auditLog) { //User application password created $user = get_user_by('ID', $user_id); $auditLog->_recordAction(self::USER_APP_PASSWORD_CREATED, array_merge($auditLog->_sanitizeAppPassword($new_item), $auditLog->_sanitizeUserdata($user))); }); $auditLog->_addObserver('wp_delete_application_password', function($user_id, $item) use ($auditLog) { //User application password deleted $user = get_user_by('ID', $user_id); $auditLog->_recordAction(self::USER_APP_PASSWORD_DELETED, array_merge($auditLog->_sanitizeAppPassword($item), $auditLog->_sanitizeUserdata($user))); }); } /** * Registers the data gatherers for this class's chunk of functionality. * * @param wfAuditLog $auditLog */ protected static function _registerDataGatherers($auditLog) { $auditLog->_addObserver('delete_user', function($user_id, $reassign_id) use ($auditLog) { //About to delete user $user = get_user_by('ID', $user_id); $auditLog->_trackState('delete_user.user', $user); }); $auditLog->_addObserver('update_user_meta', function($meta_id, $object_id, $meta_key, $meta_value) use ($auditLog) { //Update user meta $suffixes = array('capabilities', 'user_level'); //will be , e.g., typically `wp_capabilities` but not always $match = false; foreach ($suffixes as $s) { if (preg_match('/' . preg_quote($s) . '$/i', $meta_key)) { $match = true; break; } } if (!$match) { return; } if (!$auditLog->_hasState('update_user_meta.old', $object_id)) { $auditLog->_trackState('update_user_meta.old', array(), $object_id); } $old = array(); if ($auditLog->_hasState('update_user_meta.old', $object_id)) { $old = $auditLog->_getState('update_user_meta.old', $object_id); } if (!isset($old[$meta_key])) { $old[$meta_key] = get_user_meta($object_id, $meta_key, true); $auditLog->_trackState('update_user_meta.old', $old, $object_id); } if (!$auditLog->_hasState('update_user_meta.new', $object_id)) { $auditLog->_trackState('update_user_meta.new', array(), $object_id); } $new = $auditLog->_getState('update_user_meta.new', $object_id); $new[$meta_key] = $meta_value; $auditLog->_trackState('update_user_meta.new', $new, $object_id); $auditLog->_needsDestruct(); }); $auditLog->_addObserver('application_password_did_authenticate', function($user, $item) use ($auditLog) { //User application password authenticated //We can't record this directly because wp_get_current_user re-authenticates everything when called later, causing an infinite loop if (!$auditLog->isFinalizing() && !empty($item['uuid'])) { $auditLog->_trackState('application_password_did_authenticate.items', array('user' => $user, 'item' => $item), $item['uuid']); $auditLog->_needsDestruct(); } }); } /** * Registers the coalescers for this class's chunk of functionality. * * @param wfAuditLog $auditLog */ protected static function _registerCoalescers($auditLog) { $auditLog->_addCoalescer(function() use ($auditLog) { //User meta changed, specific key patterns only $old = $auditLog->_getAllStates('update_user_meta.old'); if (!is_array($old) || !count($old)) { return; } $payload = array(); foreach ($old as $user_id => $meta) { $user = get_user_by('ID', $user_id); $new = $auditLog->_getState('update_user_meta.new', $user_id); foreach ($meta as $key => $old_value) { $new_value = $new[$key]; $event = null; if (preg_match('/capabilities$/i', $key)) { $event = self::USER_META_CAPABILITIES; } else if (preg_match('/user_level$/i', $key)) { $event = self::USER_META_LEVEL; } if ($event) { if (!isset($payload[$event])) { $payload[$event] = array(); } if (!isset($payload[$event][$user_id])) { $payload[$event][$user_id] = array('user' => $auditLog->_sanitizeUserdata($user), 'changes' => array()); } if (is_array($old_value) && is_array($new_value)) { $diff = wfUtils::array_diff($old_value, $new_value); if (empty($diff['added']) && empty($diff['removed'])) { continue; } } else { $diff = array('before' => $old_value, 'after' => $new_value); if ($diff['before'] == $diff['after']) { continue; } } $payload[$event][$user_id]['changes'][] = array('key' => $key, 'diff' => $diff); } } } foreach ($payload as $event => $data) { $auditLog->_recordAction($event, array_values($data)); } }); $auditLog->_addCoalescer(function() use ($auditLog) { //App password authentications $items = $auditLog->_getAllStates('application_password_did_authenticate.items'); foreach ($items as $uuid => $payload) { $auditLog->_recordAction(self::USER_APP_PASSWORD_ACCEPTED, array_merge($auditLog->_sanitizeAppPassword($payload['item']), $auditLog->_sanitizeUserdata($payload['user']))); } }); } }PK!©Õ Ó]‚]‚ wfAuditLogObserversWordfence.phpnu„[µü¤ array( self::WORDFENCE_IGNORED_ALERT_IPS_UPDATED, self::WORDFENCE_PREVENT_ADMIN_USERNAME_TOGGLED, self::WORDFENCE_CUSTOM_BLOCK_TEXT_UPDATED, self::WORDFENCE_SCAN_OPTIONS_UPDATED, self::WORDFENCE_SCAN_SCHEDULE_UPDATED, self::WORDFENCE_PARTICIPATE_SECURITY_NETWORK_TOGGLED, self::WORDFENCE_AUDIT_LOG_MODE_CHANGED, self::WORDFENCE_LICENSE_KEY_CHANGED, self::WORDFENCE_IP_SOURCE_CHANGED, self::WORDFENCE_TRUSTED_PROXIES_UPDATED, self::WORDFENCE_TRUSTED_PROXY_PRESET_CHANGED, self::WORDFENCE_LS_IP_SOURCE_CHANGED, self::WORDFENCE_LS_TRUSTED_PROXIES_UPDATED, self::WORDFENCE_LS_WOOCOMMERCE_INTEGRATION_TOGGLED, ), wfAuditLog::AUDIT_LOG_CATEGORY_AUTHENTICATION => array( self::WORDFENCE_LS_2FA_DEACTIVATED, self::WORDFENCE_LS_2FA_ACTIVATED, self::WORDFENCE_ENFORCE_STRONG_PASSWORDS_TOGGLED, self::WORDFENCE_MASK_LOGIN_ERRORS_TOGGLED, self::WORDFENCE_PREVENT_APPLICATION_PASSWORDS_TOGGLED, self::WORDFENCE_CHANGE_PASSWORD_CHECK_STRENGTH_TOGGLED, self::WORDFENCE_LS_XML_RPC_REQUIRES_2FA_TOGGLED, self::WORDFENCE_LS_ALLOWED_IPS_UPDATED, self::WORDFENCE_LS_2FA_REQUIRED_CHANGED, self::WORDFENCE_LS_2FA_GRACE_PERIOD_CHANGED, ), wfAuditLog::AUDIT_LOG_CATEGORY_FIREWALL => array( self::WORDFENCE_WAF_MODE_CHANGED, self::WORDFENCE_WAF_RULE_STATUS_CHANGED, self::WORDFENCE_WAF_PROTECTION_LEVEL_CHANGED, self::WORDFENCE_WAF_ALLOW_ENTRY_CREATED, self::WORDFENCE_WAF_ALLOW_ENTRY_DELETED, self::WORDFENCE_WAF_ALLOW_ENTRY_TOGGLED, self::WORDFENCE_WAF_BLOCKLIST_TOGGLED, self::WORDFENCE_ALLOWED_IPS_UPDATED, self::WORDFENCE_ALLOWED_SERVICES_UPDATED, self::WORDFENCE_ALLOWED_404S_UPDATED, self::WORDFENCE_BANNED_URLS_UPDATED, self::WORDFENCE_BANNED_USERNAMES_UPDATED, self::WORDFENCE_BRUTE_FORCE_TOGGLED, self::WORDFENCE_GENERAL_RATE_LIMITING_BLOCKING_TOGGLED, self::WORDFENCE_NEVER_BLOCK_CRAWLERS_CHANGED, self::WORDFENCE_LOCKOUT_INVALID_TOGGLED, self::WORDFENCE_BREACHED_PASSWORDS_TOGGLED, self::WORDFENCE_BLOCK_AUTHOR_SCAN_TOGGLED, self::WORDFENCE_BLOCK_BAD_POST_TOGGLED, self::WORDFENCE_LOGIN_FAILURE_COUNT_UPDATED, self::WORDFENCE_FORGOT_PASSWORD_COUNT_UPDATED, self::WORDFENCE_LOGIN_SECURITY_PERIOD_UPDATED, self::WORDFENCE_LOGIN_SECURITY_DURATION_UPDATED, self::WORDFENCE_BLOCK_DURATION_UPDATED, self::WORDFENCE_RATE_LIMITS_GLOBAL_UPDATED, self::WORDFENCE_RATE_LIMITS_CRAWLER_UPDATED, self::WORDFENCE_RATE_LIMITS_CRAWLER_404_UPDATED, self::WORDFENCE_RATE_LIMITS_HUMAN_UPDATED, self::WORDFENCE_RATE_LIMITS_HUMAN_404_UPDATED, self::WORDFENCE_BLOCKING_COUNTRY_UPDATED, self::WORDFENCE_BLOCKING_IP_PATTERN_CREATED, self::WORDFENCE_BLOCKING_DELETED, self::WORDFENCE_LS_XML_RPC_TOGGLED, self::WORDFENCE_LS_CAPTCHA_TOGGLED, self::WORDFENCE_LS_CAPTCHA_THRESHOLD_CHANGED, self::WORDFENCE_LS_CAPTCHA_TEST_MODE_TOGGLED, ), ); } public static function eventNames() { return array( self::WORDFENCE_WAF_MODE_CHANGED => __('Wordfence WAF Mode Changed', 'wordfence'), self::WORDFENCE_WAF_RULE_STATUS_CHANGED => __('Wordfence WAF Rule Status Changed', 'wordfence'), self::WORDFENCE_WAF_PROTECTION_LEVEL_CHANGED => __('Wordfence WAF Protection Level Changed', 'wordfence'), self::WORDFENCE_WAF_ALLOW_ENTRY_CREATED => __('Wordfence WAF Allow Entry Created', 'wordfence'), self::WORDFENCE_WAF_ALLOW_ENTRY_DELETED => __('Wordfence WAF Allow Entry Deleted', 'wordfence'), self::WORDFENCE_WAF_ALLOW_ENTRY_TOGGLED => __('Wordfence WAF Allow Entry Toggled', 'wordfence'), self::WORDFENCE_WAF_BLOCKLIST_TOGGLED => __('Wordfence WAF Blocklist Toggled', 'wordfence'), self::WORDFENCE_ALLOWED_IPS_UPDATED => __('Allowlisted IPs Updated', 'wordfence'), self::WORDFENCE_ALLOWED_SERVICES_UPDATED => __('Allowlisted Services Updated', 'wordfence'), self::WORDFENCE_ALLOWED_404S_UPDATED => __('Allowed 404s Updated', 'wordfence'), self::WORDFENCE_IGNORED_ALERT_IPS_UPDATED => __('Ignored Alert IPs Updated', 'wordfence'), self::WORDFENCE_BANNED_URLS_UPDATED => __('Banned URLs Updated', 'wordfence'), self::WORDFENCE_BANNED_USERNAMES_UPDATED => __('Banned Usernames Updated', 'wordfence'), self::WORDFENCE_BRUTE_FORCE_TOGGLED => __('Brute Force Protection Toggled', 'wordfence'), self::WORDFENCE_GENERAL_RATE_LIMITING_BLOCKING_TOGGLED => __('General Blocking and Rate Limiting Toggled', 'wordfence'), self::WORDFENCE_NEVER_BLOCK_CRAWLERS_CHANGED => __('Never Block Crawlers Toggled', 'wordfence'), self::WORDFENCE_LOCKOUT_INVALID_TOGGLED => __('Lockout Invalid Users Toggled', 'wordfence'), self::WORDFENCE_BREACHED_PASSWORDS_TOGGLED => __('Prevent Use of Breached Passwords Toggled', 'wordfence'), self::WORDFENCE_ENFORCE_STRONG_PASSWORDS_TOGGLED => __('Enforce Strong Passwords Toggled', 'wordfence'), self::WORDFENCE_MASK_LOGIN_ERRORS_TOGGLED => __('Mask Login Errors Toggled', 'wordfence'), self::WORDFENCE_PREVENT_ADMIN_USERNAME_TOGGLED => __('Prevent Using "admin" Username Toggled', 'wordfence'), self::WORDFENCE_BLOCK_AUTHOR_SCAN_TOGGLED => __('Block Author Scanning Toggled', 'wordfence'), self::WORDFENCE_PREVENT_APPLICATION_PASSWORDS_TOGGLED => __('Prevent Use of Application Passwords Toggled', 'wordfence'), self::WORDFENCE_BLOCK_BAD_POST_TOGGLED => __('Block Bad POST Requests Toggled', 'wordfence'), self::WORDFENCE_CHANGE_PASSWORD_CHECK_STRENGTH_TOGGLED => __('Check Password Strength on Reset Toggled', 'wordfence'), self::WORDFENCE_LOGIN_FAILURE_COUNT_UPDATED => __('Failed Login Failure Threshold Updated', 'wordfence'), self::WORDFENCE_FORGOT_PASSWORD_COUNT_UPDATED => __('Forgot Password Threshold Updated', 'wordfence'), self::WORDFENCE_LOGIN_SECURITY_PERIOD_UPDATED => __('Login Security Counting Period Updated', 'wordfence'), self::WORDFENCE_LOGIN_SECURITY_DURATION_UPDATED => __('Login Security Lockout Threshold Updated', 'wordfence'), self::WORDFENCE_BLOCK_DURATION_UPDATED => __('Automatic Block Duration Updated', 'wordfence'), self::WORDFENCE_CUSTOM_BLOCK_TEXT_UPDATED => __('Custom Block Text Updated', 'wordfence'), self::WORDFENCE_RATE_LIMITS_GLOBAL_UPDATED => __('Global Rate Limit Settings Updated', 'wordfence'), self::WORDFENCE_RATE_LIMITS_CRAWLER_UPDATED => __('Crawler Rate Limit Settings Updated', 'wordfence'), self::WORDFENCE_RATE_LIMITS_CRAWLER_404_UPDATED => __('Crawler 404 Rate Limit Settings Updated', 'wordfence'), self::WORDFENCE_RATE_LIMITS_HUMAN_UPDATED => __('Human Rate Limit Settings Updated', 'wordfence'), self::WORDFENCE_RATE_LIMITS_HUMAN_404_UPDATED => __('Human 404 Rate Limit Settings Updated', 'wordfence'), self::WORDFENCE_SCAN_OPTIONS_UPDATED => __('Scan Options Updated', 'wordfence'), self::WORDFENCE_SCAN_SCHEDULE_UPDATED => __('Scan Schedule Updated', 'wordfence'), self::WORDFENCE_BLOCKING_COUNTRY_UPDATED => __('Country Blocking Updated', 'wordfence'), self::WORDFENCE_BLOCKING_IP_PATTERN_CREATED => __('Manual Block Created', 'wordfence'), self::WORDFENCE_BLOCKING_DELETED => __('Block Deleted', 'wordfence'), self::WORDFENCE_PARTICIPATE_SECURITY_NETWORK_TOGGLED => __('Participate in the Wordfence Security Network Toggled', 'wordfence'), self::WORDFENCE_AUDIT_LOG_MODE_CHANGED => __('Audit Log Mode Changed', 'wordfence'), self::WORDFENCE_LICENSE_KEY_CHANGED => __('License Key Changed', 'wordfence'), self::WORDFENCE_IP_SOURCE_CHANGED => __('IP Source Changed', 'wordfence'), self::WORDFENCE_TRUSTED_PROXIES_UPDATED => __('Trusted Proxies Updated', 'wordfence'), self::WORDFENCE_TRUSTED_PROXY_PRESET_CHANGED => __('Trusted Proxy Preset Changed', 'wordfence'), self::WORDFENCE_LS_2FA_DEACTIVATED => __('2FA Deactivated on User', 'wordfence'), self::WORDFENCE_LS_2FA_ACTIVATED => __('2FA Activated on User', 'wordfence'), self::WORDFENCE_LS_XML_RPC_REQUIRES_2FA_TOGGLED => __('XML-RPC Requires 2FA Toggled', 'wordfence'), self::WORDFENCE_LS_ALLOWED_IPS_UPDATED => __('IPs Bypassing 2FA Updated', 'wordfence'), self::WORDFENCE_LS_IP_SOURCE_CHANGED => __('IP Source Changed', 'wordfence'), self::WORDFENCE_LS_TRUSTED_PROXIES_UPDATED => __('Trusted Proxies Updated', 'wordfence'), self::WORDFENCE_LS_2FA_REQUIRED_CHANGED => __('2FA Role Requirements Changed', 'wordfence'), self::WORDFENCE_LS_2FA_GRACE_PERIOD_CHANGED => __('2FA Grace Period Changed', 'wordfence'), self::WORDFENCE_LS_XML_RPC_TOGGLED => __('XML-RPC Interface Toggled', 'wordfence'), self::WORDFENCE_LS_CAPTCHA_TOGGLED => __('Login Captcha Toggled', 'wordfence'), self::WORDFENCE_LS_CAPTCHA_THRESHOLD_CHANGED => __('reCAPTCHA Threshold Changed', 'wordfence'), self::WORDFENCE_LS_WOOCOMMERCE_INTEGRATION_TOGGLED => __('WooCommerce 2FA Integration Toggled', 'wordfence'), self::WORDFENCE_LS_CAPTCHA_TEST_MODE_TOGGLED => __('Captcha Test Mode Toggled', 'wordfence'), ); } public static function eventRateLimiters() { return array(); } /** * Registers the observers for this class's chunk of functionality that should run regardless of other settings. * These observers are expected to do their own check and application of settings like the audit log's mode or * the `Participate in the Wordfence Security Network` setting. * * @param wfAuditLog $auditLog */ protected static function _registerForcedObservers($auditLog) { if (!wfLicense::current()->isAtLeastPremium()) { return; } $auditLog->_addObserver('wordfence_changed_audit_log_mode', function($before, $after) use ($auditLog) { //Audit log mode changed, run in all modes $auditLog->_recordAction(self::WORDFENCE_AUDIT_LOG_MODE_CHANGED, array('before' => $before, 'after' => $after)); }); if ($auditLog->mode() == wfAuditLog::AUDIT_LOG_MODE_DISABLED) { return; } $auditLog->_addObserver('wordfence_toggled_participate_security_network', function($before, $after) use ($auditLog) { //Participate WFSN toggled, always send if audit log enabled $auditLog->_recordAction(self::WORDFENCE_PARTICIPATE_SECURITY_NETWORK_TOGGLED, array('state' => $after)); }); } /** * Registers the observers for this class's chunk of functionality. * * @param wfAuditLog $auditLog */ protected static function _registerObservers($auditLog) { //WAF $auditLog->_addObserver('wordfence_waf_mode', function($before, $after) use ($auditLog) { //WAF mode setting changed $auditLog->_recordAction(self::WORDFENCE_WAF_MODE_CHANGED, array('before' => $before, 'after' => $after)); }); $auditLog->_addObserver('wordfence_waf_changed_rule_status', function($changes) use ($auditLog) { //WAF rule mode(s) changed $auditLog->_recordAction(self::WORDFENCE_WAF_RULE_STATUS_CHANGED, $changes); }); $auditLog->_addObserver('wordfence_waf_changed_protection_level', function($before, $after) use ($auditLog) { //WAF protection level changed $auditLog->_recordAction(self::WORDFENCE_WAF_PROTECTION_LEVEL_CHANGED, array('before' => $before, 'after' => $after)); }); $auditLog->_addObserver('wordfence_waf_created_allow_entry', function($entries) use ($auditLog) { //WAF allow entry created $auditLog->_recordAction(self::WORDFENCE_WAF_ALLOW_ENTRY_CREATED, array('added' => $entries)); }); $auditLog->_addObserver('wordfence_waf_deleted_allow_entry', function($entries) use ($auditLog) { //WAF allow entry deleted $auditLog->_recordAction(self::WORDFENCE_WAF_ALLOW_ENTRY_DELETED, array('deleted' => $entries)); }); $auditLog->_addObserver('wordfence_waf_toggled_allow_entry', function($entries) use ($auditLog) { //WAF allow entry toggled $auditLog->_recordAction(self::WORDFENCE_WAF_ALLOW_ENTRY_TOGGLED, array('toggled' => $entries)); }); $auditLog->_addObserver('wordfence_waf_toggled_blocklist', function($before, $after) use ($auditLog) { //WAF blocklist toggled on/off $auditLog->_recordAction(self::WORDFENCE_WAF_BLOCKLIST_TOGGLED, array('state' => $after)); }); //Allowed/ignored $auditLog->_addObserver('wordfence_updated_allowed_ips', function($before, $after) use ($auditLog) { //Allowed IP list changed, only care about additions $changes = wfUtils::array_diff($before, $after); if (!empty($changes['added'])) { $auditLog->_recordAction(self::WORDFENCE_ALLOWED_IPS_UPDATED, array('added' => $changes['added'])); } }); $auditLog->_addObserver('wordfence_updated_allowed_services', function($before, $after) use ($auditLog) { //Allowed services list changed, only care about additions $resolvedBefore = wfUtils::whitelistedServiceIPs($before); $resolvedAfter = wfUtils::whitelistedServiceIPs($after); $changes = wfUtils::array_diff(array_keys($resolvedBefore), array_keys($resolvedAfter)); if (!empty($changes['added'])) { $auditLog->_recordAction(self::WORDFENCE_ALLOWED_SERVICES_UPDATED, array('added' => $changes['added'])); } }); $auditLog->_addObserver('wordfence_updated_allowed_404', function($before, $after) use ($auditLog) { //Allowed 404 list changed, only care about additions $changes = wfUtils::array_diff($before, $after); if (!empty($changes['added'])) { $auditLog->_recordAction(self::WORDFENCE_ALLOWED_404S_UPDATED, array('added' => $changes['added'])); } }); $auditLog->_addObserver('wordfence_updated_ignored_alert_ips', function($before, $after) use ($auditLog) { //Ignored alert IP list changed, only care about additions $changes = wfUtils::array_diff($before, $after); if (!empty($changes['added'])) { $auditLog->_recordAction(self::WORDFENCE_IGNORED_ALERT_IPS_UPDATED, array('added' => $changes['added'])); } }); //Banned/prohibited $auditLog->_addObserver('wordfence_updated_banned_urls', function($before, $after) use ($auditLog) { //Banned URL list changed, only care about removals $changes = wfUtils::array_diff($before, $after); if (!empty($changes['removed'])) { $auditLog->_recordAction(self::WORDFENCE_BANNED_URLS_UPDATED, array('removed' => $changes['removed'])); } }); $auditLog->_addObserver('wordfence_updated_banned_usernames', function($before, $after) use ($auditLog) { //Banned username list changed, only care about removals $changes = wfUtils::array_diff($before, $after); if (!empty($changes['removed'])) { $auditLog->_recordAction(self::WORDFENCE_BANNED_USERNAMES_UPDATED, array('removed' => $changes['removed'])); } }); //General blocking/brute force $auditLog->_addObserver('wordfence_toggled_brute_force_protection', function($before, $after) use ($auditLog) { //Brute force protection toggled on/off $auditLog->_recordAction(self::WORDFENCE_BRUTE_FORCE_TOGGLED, array('state' => $after)); }); $auditLog->_addObserver('wordfence_toggled_general_rate_limiting_blocking', function($before, $after) use ($auditLog) { //General rate limiting and blocking toggled on/off $auditLog->_recordAction(self::WORDFENCE_GENERAL_RATE_LIMITING_BLOCKING_TOGGLED, array('state' => $after)); }); $auditLog->_addObserver('wordfence_toggled_never_block_crawlers', function($before, $after) use ($auditLog) { //Never block crawlers changed $auditLog->_recordAction(self::WORDFENCE_NEVER_BLOCK_CRAWLERS_CHANGED, array('before' => $before, 'after' => $after)); }); $auditLog->_addObserver('wordfence_toggled_lock_out_invalid', function($before, $after) use ($auditLog) { //Lock out invalid usernames toggled on/off $auditLog->_recordAction(self::WORDFENCE_LOCKOUT_INVALID_TOGGLED, array('state' => $after)); }); $auditLog->_addObserver('wordfence_toggled_breached_password_protection', function($before, $after) use ($auditLog) { //Breached password protection toggled on/off $auditLog->_recordAction(self::WORDFENCE_BREACHED_PASSWORDS_TOGGLED, array('state' => $after)); }); $auditLog->_addObserver('wordfence_toggled_enforce_strong_passwords', function($before, $after) use ($auditLog) { //Enforce strong passwords toggled on/off $auditLog->_recordAction(self::WORDFENCE_ENFORCE_STRONG_PASSWORDS_TOGGLED, array('state' => $after)); }); $auditLog->_addObserver('wordfence_toggled_mask_login_errors', function($before, $after) use ($auditLog) { //Mask login errors toggled on/off $auditLog->_recordAction(self::WORDFENCE_MASK_LOGIN_ERRORS_TOGGLED, array('state' => $after)); }); $auditLog->_addObserver('wordfence_toggled_prevent_admin_username', function($before, $after) use ($auditLog) { //Prevent using "admin" username toggled on/off $auditLog->_recordAction(self::WORDFENCE_PREVENT_ADMIN_USERNAME_TOGGLED, array('state' => $after)); }); $auditLog->_addObserver('wordfence_toggled_block_author_scan', function($before, $after) use ($auditLog) { //Block author scan toggled on/off $auditLog->_recordAction(self::WORDFENCE_BLOCK_AUTHOR_SCAN_TOGGLED, array('state' => $after)); }); $auditLog->_addObserver('wordfence_toggled_prevent_application_passwords', function($before, $after) use ($auditLog) { //Prevent use of application passwords toggled on/off $auditLog->_recordAction(self::WORDFENCE_PREVENT_APPLICATION_PASSWORDS_TOGGLED, array('state' => $after)); }); $auditLog->_addObserver('wordfence_toggled_block_bad_post', function($before, $after) use ($auditLog) { //Block bad POST requests toggled on/off $auditLog->_recordAction(self::WORDFENCE_BLOCK_BAD_POST_TOGGLED, array('state' => $after)); }); $auditLog->_addObserver('wordfence_toggled_change_password_check_strength', function($before, $after) use ($auditLog) { //Check strength on password change toggled on/off $auditLog->_recordAction(self::WORDFENCE_CHANGE_PASSWORD_CHECK_STRENGTH_TOGGLED, array('state' => $after)); }); //Thresholds/Durations $auditLog->_addObserver('wordfence_updated_login_failure_count', function($before, $after) use ($auditLog) { //Login failure count before lockout $auditLog->_recordAction(self::WORDFENCE_LOGIN_FAILURE_COUNT_UPDATED, array('before' => $before, 'after' => $after)); }); $auditLog->_addObserver('wordfence_updated_forgot_password_count', function($before, $after) use ($auditLog) { //Forgot password request count before lockout $auditLog->_recordAction(self::WORDFENCE_FORGOT_PASSWORD_COUNT_UPDATED, array('before' => $before, 'after' => $after)); }); $auditLog->_addObserver('wordfence_updated_login_security_period', function($before, $after) use ($auditLog) { //Count failures over this period $auditLog->_recordAction(self::WORDFENCE_LOGIN_SECURITY_PERIOD_UPDATED, array('before' => $before, 'after' => $after)); }); $auditLog->_addObserver('wordfence_updated_login_security_duration', function($before, $after) use ($auditLog) { //Duration of lockout $auditLog->_recordAction(self::WORDFENCE_LOGIN_SECURITY_DURATION_UPDATED, array('before' => $before, 'after' => $after)); }); $auditLog->_addObserver('wordfence_updated_block_duration', function($before, $after) use ($auditLog) { //Rate limit block/lockout duration $auditLog->_recordAction(self::WORDFENCE_BLOCK_DURATION_UPDATED, array('before' => $before, 'after' => $after)); }); //Custom text $auditLog->_addObserver('wordfence_updated_custom_block_text', function($before, $after) use ($auditLog) { //Custom block text $auditLog->_recordAction(self::WORDFENCE_CUSTOM_BLOCK_TEXT_UPDATED, array('before' => $before, 'after' => $after)); }); //Rate limits $auditLog->_addObserver('wordfence_updated_max_global_requests', function($before, $after) use ($auditLog) { //Global rate limit $auditLog->_recordAction(self::WORDFENCE_RATE_LIMITS_GLOBAL_UPDATED, array('before' => $before, 'after' => $after)); }); $auditLog->_addObserver('wordfence_updated_max_crawler_requests', function($before, $after) use ($auditLog) { //Crawler rate limit $auditLog->_recordAction(self::WORDFENCE_RATE_LIMITS_CRAWLER_UPDATED, array('before' => $before, 'after' => $after)); }); $auditLog->_addObserver('wordfence_updated_max_crawler_404', function($before, $after) use ($auditLog) { //Crawler 404 rate limit $auditLog->_recordAction(self::WORDFENCE_RATE_LIMITS_CRAWLER_404_UPDATED, array('before' => $before, 'after' => $after)); }); $auditLog->_addObserver('wordfence_updated_max_human_requests', function($before, $after) use ($auditLog) { //Human rate limit $auditLog->_recordAction(self::WORDFENCE_RATE_LIMITS_HUMAN_UPDATED, array('before' => $before, 'after' => $after)); }); $auditLog->_addObserver('wordfence_updated_max_human_404', function($before, $after) use ($auditLog) { //Human 404 rate limit $auditLog->_recordAction(self::WORDFENCE_RATE_LIMITS_HUMAN_404_UPDATED, array('before' => $before, 'after' => $after)); }); //Scan $auditLog->_addObserver('wordfence_updated_scan_options', function($before, $after) use ($auditLog) { //Scan options $auditLog->_recordAction(self::WORDFENCE_SCAN_OPTIONS_UPDATED, array('before' => $before, 'after' => $after)); }); $auditLog->_addObserver('wordfence_updated_scan_schedule', function($before, $after) use ($auditLog) { //Scan schedule $auditLog->_recordAction(self::WORDFENCE_SCAN_SCHEDULE_UPDATED, array('before' => $before, 'after' => $after)); }); //Custom blocking $auditLog->_addObserver('wordfence_updated_country_blocking', function($before, $after) use ($auditLog) { //Country block changed $diff = wfUtils::array_diff($before, $after); if (!empty($diff['added']) || !empty($diff['removed'])) { $auditLog->_recordAction(self::WORDFENCE_BLOCKING_COUNTRY_UPDATED, array('before' => $before, 'after' => $after)); } }); $auditLog->_addObserver('wordfence_created_ip_pattern_block', function($type, $reason, $parameters) use ($auditLog) { //IP or Pattern block created manually $auditLog->_recordAction(self::WORDFENCE_BLOCKING_IP_PATTERN_CREATED, array('type' => $type, 'reason' => $reason, 'parameters' => $parameters)); }); $auditLog->_addObserver('wordfence_deleted_block', function($type, $reason, $parameters) use ($auditLog) { //Block deleted manually $auditLog->_recordAction(self::WORDFENCE_BLOCKING_DELETED, array('type' => $type, 'reason' => $reason, 'parameters' => $parameters)); }); //Core functionality $auditLog->_addObserver('wordfence_changed_license_key', function($before, $after) use ($auditLog) { //License key changed $auditLog->_recordAction(self::WORDFENCE_LICENSE_KEY_CHANGED, array('before' => $before, 'after' => $after)); }); //IP resolution $auditLog->_addObserver('wordfence_changed_ip_source', function($before, $after) use ($auditLog) { //IP source changed $auditLog->_recordAction(self::WORDFENCE_IP_SOURCE_CHANGED, array('before' => $before, 'after' => $after)); }); $auditLog->_addObserver('wordfence_updated_trusted_proxies', function($before, $after) use ($auditLog) { //Trusted proxy list changed $changes = wfUtils::array_diff($before, $after); $auditLog->_recordAction(self::WORDFENCE_TRUSTED_PROXIES_UPDATED, array('changes' => $changes)); }); $auditLog->_addObserver('wordfence_changed_trusted_proxy_preset', function($before, $after) use ($auditLog) { //Trusted proxy preset selection changed $auditLog->_recordAction(self::WORDFENCE_TRUSTED_PROXY_PRESET_CHANGED, array('before' => $before, 'after' => $after)); }); //Login Security $auditLog->_addObserver('wordfence_ls_2fa_deactivated', function($user) use ($auditLog) { //2FA deactivated on a user $auditLog->_recordAction(self::WORDFENCE_LS_2FA_DEACTIVATED, $auditLog->_sanitizeUserdata($user)); }); $auditLog->_addObserver('wordfence_ls_2fa_activated', function($user) use ($auditLog) { //2FA activated on a user $auditLog->_recordAction(self::WORDFENCE_LS_2FA_ACTIVATED, $auditLog->_sanitizeUserdata($user)); }); $auditLog->_addObserver('wordfence_ls_xml_rpc_2fa_toggled', function($before, $after) use ($auditLog) { //2FA required for XML-RPC calls $auditLog->_recordAction(self::WORDFENCE_LS_XML_RPC_REQUIRES_2FA_TOGGLED, array('state' => $after)); }); $auditLog->_addObserver('wordfence_ls_updated_allowed_ips', function($before, $after) use ($auditLog) { //Ignored 2FA IP list changed $changes = wfUtils::array_diff($before, $after); $auditLog->_recordAction(self::WORDFENCE_LS_ALLOWED_IPS_UPDATED, array('changes' => $changes)); }); $auditLog->_addObserver('wordfence_ls_changed_ip_source', function($before, $after) use ($auditLog) { //IP source changed (WFLS only) $auditLog->_recordAction(self::WORDFENCE_LS_IP_SOURCE_CHANGED, array('before' => $before, 'after' => $after)); }); $auditLog->_addObserver('wordfence_ls_updated_trusted_proxies', function($before, $after) use ($auditLog) { //Trusted proxy list changed (WFLS only) $changes = wfUtils::array_diff($before, $after); $auditLog->_recordAction(self::WORDFENCE_LS_TRUSTED_PROXIES_UPDATED, array('changes' => $changes)); }); $auditLog->_addObserver('wordfence_ls_changed_grace_period', function($before, $after) use ($auditLog) { //2FA grace period changed $auditLog->_recordAction(self::WORDFENCE_LS_2FA_GRACE_PERIOD_CHANGED, array('before' => $before, 'after' => $after)); }); $auditLog->_addObserver('wordfence_ls_xml_rpc_enabled_toggled', function($before, $after) use ($auditLog) { //XML-RPC enabled/disabled $auditLog->_recordAction(self::WORDFENCE_LS_XML_RPC_TOGGLED, array('state' => $after)); }); $auditLog->_addObserver('wordfence_ls_captcha_enabled_toggled', function($before, $after) use ($auditLog) { //Captcha enabled/disabled $auditLog->_recordAction(self::WORDFENCE_LS_CAPTCHA_TOGGLED, array('state' => $after)); }); $auditLog->_addObserver('wordfence_ls_captcha_threshold_changed', function($before, $after) use ($auditLog) { //Captcha threshold changed $auditLog->_recordAction(self::WORDFENCE_LS_CAPTCHA_THRESHOLD_CHANGED, array('before' => $before, 'after' => $after)); }); $auditLog->_addObserver('wordfence_ls_woocommerce_enabled_toggled', function($before, $after) use ($auditLog) { //WooCommerce integration enabled/disabled $auditLog->_recordAction(self::WORDFENCE_LS_WOOCOMMERCE_INTEGRATION_TOGGLED, array('state' => $after)); }); $auditLog->_addObserver('wordfence_ls_captcha_test_mode_toggled', function($before, $after) use ($auditLog) { //Captcha test mode enabled/disabled $auditLog->_recordAction(self::WORDFENCE_LS_CAPTCHA_TEST_MODE_TOGGLED, array('state' => $after)); }); } /** * Registers the data gatherers for this class's chunk of functionality. * * @param wfAuditLog $auditLog */ protected static function _registerDataGatherers($auditLog) { $auditLog->_addObserver('wordfence_ls_changed_2fa_required', function($role, $value) use ($auditLog) { //2FA requirement changed on a role if (!$auditLog->_hasState('wordfence_ls_changed_2fa_required.changes', 0)) { $auditLog->_trackState('wordfence_ls_changed_2fa_required.changes', array(), 0); } $state = $auditLog->_getState('wordfence_ls_changed_2fa_required.changes', 0); $state[$role] = $value; $auditLog->_trackState('wordfence_ls_changed_2fa_required.changes', $state, 0); $auditLog->_needsDestruct(); }); } /** * Registers the coalescers for this class's chunk of functionality. * * @param wfAuditLog $auditLog */ protected static function _registerCoalescers($auditLog) { $auditLog->_addCoalescer(function() use ($auditLog) { //Network active plugins changed $changes = $auditLog->_getState('wordfence_ls_changed_2fa_required.changes', 0); if (!is_array($changes) || !count($changes)) { return; } $auditLog->_recordAction(self::WORDFENCE_LS_2FA_REQUIRED_CHANGED, array('changes' => $changes)); }); } }PK!È‘ºÀXX(wfAuditLogObserversWordPressCoreSite.phpnu„[µü¤ array( self::SITE_DATA_EXPORTED, self::SITE_OPTION_ADMIN_EMAIL, self::SITE_OPTION_ANONYMOUS_COMMENTS, self::SITE_OPTION_COMMENT_MODERATION, self::SITE_OPTION_DEFAULT_COMMENT_STATUS, self::SITE_OPTION_DEFAULT_ROLE, self::SITE_OPTION_HOME_URL, self::SITE_OPTION_SITE_URL, self::SITE_OPTION_USER_REGISTRATION, ), wfAuditLog::AUDIT_LOG_CATEGORY_AUTHENTICATION => array( self::SITE_RECOVERY_MODE_KEY_GENERATED, ), wfAuditLog::AUDIT_LOG_CATEGORY_CONTENT => array( self::SITE_MAIL_SEND_FAILED, self::SITE_MAIL_SENT, ), wfAuditLog::AUDIT_LOG_CATEGORY_USER_PERMISSIONS => array( self::SITE_PERMISSIONS_ROLE_CAPABILITIES, self::SITE_PERMISSIONS_ADMIN_PAGE_DENIED, ), wfAuditLog::AUDIT_LOG_CATEGORY_PLUGINS_THEMES_UPDATES => array( self::SITE_OPTION_ACTIVE_PLUGINS, self::SITE_OPTION_STYLESHEET, self::SITE_OPTION_TEMPLATE, self::SITE_PLUGIN_INSTALLED, self::SITE_PLUGIN_DELETED, self::SITE_PLUGIN_ACTIVATED, self::SITE_PLUGIN_DEACTIVATED, self::SITE_THEME_INSTALLED, self::SITE_THEME_DELETED, self::SITE_THEME_SWITCHED, self::SITE_THEME_CUSTOMIZED, self::SITE_THEME_SIDEBAR_UPDATED, self::SITE_UPDATE_AUTOMATIC_COMPLETED, self::SITE_UPDATE_CORE, self::SITE_UPDATE_PLUGIN, self::SITE_UPDATE_THEME, ), ); } public static function eventNames() { return array( self::SITE_DATA_EXPORTED => __('Site Data Exported', 'wordfence'), self::SITE_RECOVERY_MODE_KEY_GENERATED => __('Recovery Key Generated', 'wordfence'), self::SITE_MAIL_SEND_FAILED => __('Mail Send Failed', 'wordfence'), self::SITE_MAIL_SENT => __('Mail Sent', 'wordfence'), self::SITE_OPTION_ACTIVE_PLUGINS => __('Active Plugins Option Changed', 'wordfence'), self::SITE_OPTION_ADMIN_EMAIL => __('Admin Email Option Changed', 'wordfence'), self::SITE_OPTION_ANONYMOUS_COMMENTS => __('Anonymous Comments Allowed Option Changed', 'wordfence'), self::SITE_OPTION_COMMENT_MODERATION => __('Comment Moderation Default Option Changed', 'wordfence'), self::SITE_OPTION_DEFAULT_COMMENT_STATUS => __('Default Comment Status Option Changed', 'wordfence'), self::SITE_OPTION_DEFAULT_ROLE => __('Default User Role Option Changed', 'wordfence'), self::SITE_OPTION_HOME_URL => __('Home URL Option Changed', 'wordfence'), self::SITE_OPTION_SITE_URL => __('Site URL Option Changed', 'wordfence'), self::SITE_OPTION_STYLESHEET => __('Child Theme Option Changed', 'wordfence'), self::SITE_OPTION_TEMPLATE => __('Parent Theme Option Changed', 'wordfence'), self::SITE_OPTION_USER_REGISTRATION => __('User Registration Permission Option Changed', 'wordfence'), self::SITE_PERMISSIONS_ROLE_CAPABILITIES => __('Role Capabilities Changed', 'wordfence'), self::SITE_PERMISSIONS_ADMIN_PAGE_DENIED => __('Admin Page View Denied', 'wordfence'), self::SITE_PLUGIN_INSTALLED => __('Plugin Installed', 'wordfence'), self::SITE_PLUGIN_DELETED => __('Plugin Deleted', 'wordfence'), self::SITE_PLUGIN_ACTIVATED => __('Plugin Activated', 'wordfence'), self::SITE_PLUGIN_DEACTIVATED => __('Plugin Deactivated', 'wordfence'), self::SITE_THEME_INSTALLED => __('Theme Installed', 'wordfence'), self::SITE_THEME_DELETED => __('Theme Deleted', 'wordfence'), self::SITE_THEME_SWITCHED => __('Theme Switched', 'wordfence'), self::SITE_THEME_CUSTOMIZED => __('Theme Customized', 'wordfence'), self::SITE_THEME_SIDEBAR_UPDATED => __('Theme Sidebar Updated', 'wordfence'), self::SITE_UPDATE_AUTOMATIC_COMPLETED => __('Automatic Updates Completed', 'wordfence'), self::SITE_UPDATE_CORE => __('Core Update Completed', 'wordfence'), self::SITE_UPDATE_PLUGIN => __('Plugin Update Completed', 'wordfence'), self::SITE_UPDATE_THEME => __('Theme Update Completed', 'wordfence'), ); } public static function eventRateLimiters() { return array( self::SITE_PERMISSIONS_ROLE_CAPABILITIES => function($auditLog, $payload) { $hash = self::_normalizedPayloadHash($payload); if (self::_rateLimiterCheck(self::SITE_PERMISSIONS_ROLE_CAPABILITIES, $hash)) { self::_rateLimiterConsume(self::SITE_PERMISSIONS_ROLE_CAPABILITIES, $hash); return true; } return false; }, ); } /** * Registers the observers for this class's chunk of functionality. * * @param wfAuditLog $auditLog */ protected static function _registerObservers($auditLog) { $auditLog->_addObserver('export_wp', function($args) use ($auditLog) { //Exported WP data $auditLog->_recordAction(self::SITE_DATA_EXPORTED, array('settings' => $args)); }); if ($auditLog->mode() == self::AUDIT_LOG_MODE_ALL) { $auditLog->_addObserver('wp_mail_succeeded', function($args) use ($auditLog) { //Mail sent $payload = array( 'to_count' => isset($args['to']) ? count($args['to']) : 0, 'subject' => isset($args['subject']) ? $args['subject'] : null, 'attachment_count' => isset($args['attachments']) ? count($args['attachments']) : 0, ); $auditLog->_recordAction(self::SITE_MAIL_SENT, $payload); }); $auditLog->_addObserver('wp_mail_failed', function($error /** @var WP_Error $error */) use ($auditLog) { //Mail failed sending $args = $error->get_error_data(); $payload = array( 'to_count' => isset($args['to']) ? count($args['to']) : 0, 'subject' => isset($args['subject']) ? $args['subject'] : null, 'attachment_count' => isset($args['attachments']) ? count($args['attachments']) : 0, 'error' => $error->get_error_message(), ); $auditLog->_recordAction(self::SITE_MAIL_SEND_FAILED, $payload); }); } $auditLog->_addObserver('update_option_comment_registration', function($old_value, $value, $option) use ($auditLog) { //Comment registration required enabled/disabled $auditLog->_recordAction(self::SITE_OPTION_ANONYMOUS_COMMENTS, array('state' => wfUtils::truthyToBoolean($value))); }); $auditLog->_addObserver('update_option_default_role', function($old_value, $value, $option) use ($auditLog) { //Default role on user registration $auditLog->_recordAction(self::SITE_OPTION_DEFAULT_ROLE, array('state' => $value)); }); $auditLog->_addObserver('update_option_users_can_register', function($old_value, $value, $option) use ($auditLog) { //User registration allowed $auditLog->_recordAction(self::SITE_OPTION_USER_REGISTRATION, array('state' => wfUtils::truthyToBoolean($value))); }); $auditLog->_addObserver('update_option_siteurl', function($old_value, $value, $option) use ($auditLog) { //Site URL $auditLog->_recordAction(self::SITE_OPTION_SITE_URL, array('url' => $value)); }); $auditLog->_addObserver('update_option_home', function($old_value, $value, $option) use ($auditLog) { //Home URL $auditLog->_recordAction(self::SITE_OPTION_HOME_URL, array('url' => $value)); }); $auditLog->_addObserver('update_option_admin_email', function($old_value, $value, $option) use ($auditLog) { //Admin email $auditLog->_recordAction(self::SITE_OPTION_ADMIN_EMAIL, array('email' => $value)); }); $auditLog->_addObserver('update_option_default_comment_status', function($old_value, $value, $option) use ($auditLog) { //Default comment status $auditLog->_recordAction(self::SITE_OPTION_DEFAULT_COMMENT_STATUS, array('status' => $value)); }); $auditLog->_addObserver('update_option_comment_moderation', function($old_value, $value, $option) use ($auditLog) { //Comment moderation enabled/disabled $auditLog->_recordAction(self::SITE_OPTION_COMMENT_MODERATION, array('state' => wfUtils::truthyToBoolean($value))); }); $auditLog->_addObserver('update_option_template', function($old_value, $value, $option) use ($auditLog) { //Theme selected, this is the parent theme value $auditLog->_recordAction(self::SITE_OPTION_TEMPLATE, array('theme' => $value)); }); $auditLog->_addObserver('update_option_stylesheet', function($old_value, $value, $option) use ($auditLog) { //Theme selected, this is the child theme value $auditLog->_recordAction(self::SITE_OPTION_STYLESHEET, array('theme' => $value)); }); $auditLog->_addObserver('admin_page_access_denied', function() use ($auditLog) { //Admin page view denied $auditLog->_recordAction(self::SITE_PERMISSIONS_ADMIN_PAGE_DENIED, array()); }); $auditLog->_addObserver('activated_plugin', function($relative_path, $network_wide) use ($auditLog) { //Plugin activated $path = trailingslashit(WP_PLUGIN_DIR) . $relative_path; if (is_readable($path)) { $plugin = $auditLog->_getPlugin($path); if ($plugin) { $auditLog->_recordAction(self::SITE_PLUGIN_ACTIVATED, array('plugin' => $plugin, 'network' => $network_wide)); } } }); $auditLog->_addObserver('deactivated_plugin', function($relative_path, $network_wide) use ($auditLog) { //Plugin deactivated $path = trailingslashit(WP_PLUGIN_DIR) . $relative_path; if (is_readable($path)) { $plugin = $auditLog->_getPlugin($path); if ($plugin) { $auditLog->_recordAction(self::SITE_PLUGIN_DEACTIVATED, array('plugin' => $plugin, 'network' => $network_wide)); } } }); $auditLog->_addObserver('deleted_plugin', function($relative_path, $deleted) use ($auditLog) { //Plugin deleted if ($deleted && $auditLog->_hasState('delete_plugin.plugin')) { $auditLog->_recordAction(self::SITE_PLUGIN_DELETED, array('plugin' => $auditLog->_getState('delete_plugin.plugin'))); } }); $auditLog->_addObserver('switch_theme', function($new_name, $new_theme, $old_theme) use ($auditLog) { //Theme switched $auditLog->_recordAction(self::SITE_THEME_SWITCHED, array('from' => $auditLog->_getTheme($old_theme), 'to' => $auditLog->_getTheme($new_theme))); }); $auditLog->_addObserver('deleted_theme', function($stylesheet, $deleted) use ($auditLog) { //Theme deleted if ($deleted && $auditLog->_hasState('delete_theme.theme')) { $auditLog->_recordAction(self::SITE_THEME_DELETED, array('theme' => $auditLog->_getState('delete_theme.theme'))); } }); $auditLog->_addObserver('customize_save_after', function($manager /** @var WP_Customize_Manager $manager */) use ($auditLog) { //Theme customized $auditLog->_recordAction(self::SITE_THEME_CUSTOMIZED, array('theme' => $auditLog->_getTheme($manager->theme()))); }); $auditLog->_addObserver('upgrader_process_complete', function($upgrader, $hook_extra) use ($auditLog) { //Updates completed $afterVersions = $auditLog->_installedVersions(); //Core if (is_array($hook_extra) && isset($hook_extra['type']) && $hook_extra['type'] == 'core' && isset($hook_extra['action']) && $hook_extra['action'] == 'update') { $payload = array( 'core' => $afterVersions['core'], ); $payload['previous_version'] = self::$initialCoreVersion; $auditLog->_recordAction(self::SITE_UPDATE_CORE, $payload); } //Plugins/themes if ($auditLog->_hasState('upgrader_post_install.pending', 0)) { $pending = $auditLog->_getState('upgrader_post_install.pending', 0); foreach ($pending as $p) { if ($p['action'] == self::SITE_PLUGIN_INSTALLED || $p['action'] == self::SITE_UPDATE_PLUGIN) { $relativePath = preg_replace('/^' . preg_quote(WP_PLUGIN_DIR, '/') . '/', '', $p['path']); if (!(validate_file($relativePath) === 0 //this conditional matches the plugin loader's requirements && preg_match('/\.php$/i', $relativePath) && file_exists(WP_PLUGIN_DIR . '/' . $relativePath) && is_readable($p['path']))) { continue; } $plugin = $auditLog->_getPlugin($p['path']); if ($plugin) { $auditLog->_recordAction($p['action'], array('plugin' => $plugin)); } } else if ($p['action'] == self::SITE_THEME_INSTALLED || $p['action'] == self::SITE_UPDATE_THEME) { if (!is_readable($p['path'])) { continue; } $theme = $auditLog->_getTheme($p['path']); if ($theme) { $auditLog->_recordAction($p['action'], array('theme' => $theme)); } } } $auditLog->_trackState('upgrader_post_install.pending', array(), 0); } }); $auditLog->_addObserver('automatic_updates_complete', function($update_results) use ($auditLog) { //Automatic updates complete $auditLog->_recordAction(self::SITE_UPDATE_AUTOMATIC_COMPLETED, array('results' => $update_results)); }); $auditLog->_addObserver('generate_recovery_mode_key', function($token, $key) use ($auditLog) { //Recovery key generated $auditLog->_recordAction(self::SITE_RECOVERY_MODE_KEY_GENERATED, array()); }); } /** * Registers the data gatherers for this class's chunk of functionality. * * @param wfAuditLog $auditLog */ protected static function _registerDataGatherers($auditLog) { $auditLog->_addObserver('update_option', function($option, $old_value, $value) use ($auditLog) { //User role capabilities changed if (preg_match('/user_roles$/i', $option)) { //For some reason this option is stored prefixed inside a table that is already prefixed on multisite, so we have to treat it special if (!$auditLog->_hasState('update_option_wp_user_roles.old', $auditLog->_extractMultisiteID($option, 'user_roles'))) { $auditLog->_trackState('update_option_wp_user_roles.old', $old_value, $auditLog->_extractMultisiteID($option, 'user_roles')); } $auditLog->_trackState('update_option_wp_user_roles.new', $value, $auditLog->_extractMultisiteID($option, 'user_roles')); $auditLog->_needsDestruct(); } }); $auditLog->_addObserver('update_option_active_plugins', function($old_value, $value, $option) use ($auditLog) { //Active plugins changed if (!$auditLog->_hasState('update_option_active_plugins.old', get_current_blog_id())) { $auditLog->_trackState('update_option_active_plugins.old', $old_value, get_current_blog_id()); } $auditLog->_trackState('update_option_active_plugins.new', $value, get_current_blog_id()); $auditLog->_needsDestruct(); }); $auditLog->_addObserver('delete_plugin', function($relative_path) use ($auditLog) { //Plugin will be deleted $path = trailingslashit(WP_PLUGIN_DIR) . $relative_path; if (is_readable($path)) { $plugin = $auditLog->_getPlugin($path); if ($plugin) { $auditLog->_trackState('delete_plugin.plugin', $plugin); } } }); $auditLog->_addObserver('delete_theme', function($stylesheet) use ($auditLog) { //Theme will be deleted $theme = $auditLog->_getTheme(wp_get_theme($stylesheet)); if ($theme) { $auditLog->_trackState('delete_theme.theme', $theme); } }); $auditLog->_addObserver('upgrader_pre_install', function($response, $hook_extra) use ($auditLog) { //Plugin/theme/core will be installed/updated, capture initial versions if (!$auditLog->_hasState('upgrader_pre_install.versions', 0)) { $auditLog->_trackState('upgrader_pre_install.versions', $auditLog->_installedVersions(), 0); } }, 'filter'); $auditLog->_addObserver('upgrader_post_install', function($response, $hook_extra, $result) use ($auditLog) { //Plugin/theme installed/updated if ($response && !is_wp_error($result)) { $pending = array(); if ($auditLog->_hasState('upgrader_post_install.pending', 0)) { $pending = $auditLog->_getState('upgrader_post_install.pending', 0); } /* * $hook_extra install example: * * array ( * 'type' => 'plugin', * 'action' => 'install', * ) * * * $hook_extra update example: * * array ( * 'plugin' => 'wordfence/wordfence.php', * 'temp_backup' => * array ( * 'slug' => 'wordfence', * 'src' => '/path/to/wp-content/plugins', * 'dir' => 'plugins', * ), * ) */ /* * $result example: * * array ( * 'source' => '/path/to/wp-content/upgrade/wordfence.8.0.0/wordfence/', * 'source_files' => * array ( * 0 => 'LICENSE.txt', * 1 => 'readme.txt', * 2 => 'wordfence.php', * 3 => ... * ), * 'destination' => '/path/to/wp-content/plugins/wordfence/', * 'destination_name' => 'wordfence', * 'local_destination' => '/path/to/wp-content/plugins', * 'remote_destination' => '/path/to/plugins/wordfence/', * 'clear_destination' => false, * ) */ if (isset($hook_extra['action']) && isset($hook_extra['type']) && isset($result['source']) && isset($result['destination'])) { //Install if ($hook_extra['action'] == 'install') { if ($hook_extra['type'] == 'plugin') { $path = $auditLog->_resolvePlugin(untrailingslashit($result['destination'])); if ($path) { $pending[] = array('action' => self::SITE_PLUGIN_INSTALLED, 'path' => $path); } } else if ($hook_extra['type'] == 'theme') { $path = $result['destination']; $pending[] = array('action' => self::SITE_THEME_INSTALLED, 'path' => $path); //Can't record here since version data hasn't refreshed yet } } } else if (isset($hook_extra['plugin']) && isset($result['source']) && isset($result['destination'])) { //Plugin update $path = $auditLog->_resolvePlugin(trailingslashit(WP_PLUGIN_DIR) . $hook_extra['plugin']); if ($path) { $pending[] = array('action' => self::SITE_UPDATE_PLUGIN, 'path' => $path); } } else if (isset($hook_extra['theme']) && isset($result['source']) && isset($result['destination'])) { //Theme update $path = trailingslashit(get_theme_root()) . $hook_extra['theme']; $pending[] = array('action' => self::SITE_UPDATE_THEME, 'path' => $path); } $auditLog->_trackState('upgrader_post_install.pending', $pending, 0); } return $response; }, 'filter'); } /** * Registers the coalescers for this class's chunk of functionality. * * @param wfAuditLog $auditLog */ protected static function _registerCoalescers($auditLog) { $auditLog->_addCoalescer(function() use ($auditLog) { //Role capabilities changed $old = $auditLog->_getAllStates('update_option_wp_user_roles.old'); if (!count($old)) { return; } if (count($old) > 1) { $payload = array(); foreach ($old as $blog_id => $o) { $new = $auditLog->_getState('update_option_wp_user_roles.new', $blog_id); $diff = wfUtils::array_diff($o, $new); if (!empty($diff['added']) || !empty($diff['removed'])) { $payload[] = array('capabilities' => $new, 'diff' => $diff, 'multisite_blog_id' => $blog_id); } } if (count($payload)) { $auditLog->_recordAction(self::SITE_PERMISSIONS_ROLE_CAPABILITIES, array('changes' => $payload)); } } else { $blog_id = wfUtils::array_key_first($old); $old = $old[$blog_id]; $new = $auditLog->_getState('update_option_wp_user_roles.new', $blog_id); $diff = wfUtils::array_diff($old, $new); if (!empty($diff['added']) || !empty($diff['removed'])) { $auditLog->_recordAction(self::SITE_PERMISSIONS_ROLE_CAPABILITIES, array('capabilities' => $new, 'diff' => $diff)); } } }); $auditLog->_addCoalescer(function() use ($auditLog) { //Active plugins changed $old = $auditLog->_getAllStates('update_option_active_plugins.old'); if (!count($old)) { return; } if (count($old) > 1) { $payload = array(); foreach ($old as $blog_id => $o) { $new = $auditLog->_getState('update_option_active_plugins.new', $blog_id); $diff = wfUtils::array_diff($o, $new); if (!empty($diff['added']) || !empty($diff['removed'])) { $payload[] = array('plugins' => $new, 'diff' => $diff, 'multisite_blog_id' => $blog_id); } } if (count($payload)) { $auditLog->_recordAction(self::SITE_OPTION_ACTIVE_PLUGINS, array('changes' => $payload)); } } else { $blog_id = wfUtils::array_key_first($old); $old = $old[$blog_id]; $new = $auditLog->_getState('update_option_active_plugins.new', $blog_id); $diff = wfUtils::array_diff($old, $new); if (!empty($diff['added']) || !empty($diff['removed'])) { $auditLog->_recordAction(self::SITE_OPTION_ACTIVE_PLUGINS, array('plugins' => $new, 'diff' => $diff)); } } }); } }PK!öˆæh6h6-wfAuditLogObserversWordPressCoreMultisite.phpnu„[µü¤ array( self::MULTISITE_BLOG_CREATED, self::MULTISITE_BLOG_DELETED, self::MULTISITE_BLOG_UPDATED, self::MULTISITE_BLOG_ACTIVATED, self::MULTISITE_BLOG_DEACTIVATED, self::MULTISITE_BLOG_SIGNUP_SUBMITTED, self::MULTISITE_BLOG_MARK_ARCHIVED, self::MULTISITE_BLOG_MARK_DELETED, self::MULTISITE_BLOG_MARK_PUBLIC, self::MULTISITE_BLOG_MARK_SPAM, self::MULTISITE_BLOG_UNMARK_ARCHIVED, self::MULTISITE_BLOG_UNMARK_DELETED, self::MULTISITE_BLOG_UNMARK_PUBLIC, self::MULTISITE_BLOG_UNMARK_SPAM, ), wfAuditLog::AUDIT_LOG_CATEGORY_PLUGINS_THEMES_UPDATES => array( self::MULTISITE_NETWORK_OPTION_ACTIVE_PLUGINS, ), wfAuditLog::AUDIT_LOG_CATEGORY_USER_PERMISSIONS => array( self::MULTISITE_USER_CREATED, self::MULTISITE_USER_DELETED, self::MULTISITE_USER_ACTIVATED, self::MULTISITE_USER_ADDED, self::MULTISITE_USER_REMOVED, self::MULTISITE_USER_INVITED, self::MULTISITE_USER_SIGNED_UP, self::USER_SUPER_ADMIN_GRANTED, self::USER_SUPER_ADMIN_REVOKED, ), ); } public static function eventNames() { return array( self::MULTISITE_BLOG_CREATED => __('Multisite Blog Created', 'wordfence'), self::MULTISITE_BLOG_DELETED => __('Multisite Blog Deleted', 'wordfence'), self::MULTISITE_BLOG_UPDATED => __('Multisite Blog Updated', 'wordfence'), self::MULTISITE_BLOG_ACTIVATED => __('Multisite Blog Activated', 'wordfence'), self::MULTISITE_BLOG_DEACTIVATED => __('Multisite Blog Deactivated', 'wordfence'), self::MULTISITE_BLOG_SIGNUP_SUBMITTED => __('Multisite Blog Signup Submitted', 'wordfence'), self::MULTISITE_BLOG_MARK_ARCHIVED => __('Multisite Blog Archived', 'wordfence'), self::MULTISITE_BLOG_MARK_DELETED => __('Multisite Blog Moved to Trash', 'wordfence'), self::MULTISITE_BLOG_MARK_PUBLIC => __('Multisite Blog Made Public', 'wordfence'), self::MULTISITE_BLOG_MARK_SPAM => __('Multisite Blog Marked as Spam', 'wordfence'), self::MULTISITE_BLOG_UNMARK_ARCHIVED => __('Multisite Blog Unarchived', 'wordfence'), self::MULTISITE_BLOG_UNMARK_DELETED => __('Multisite Blog Removed from Trash', 'wordfence'), self::MULTISITE_BLOG_UNMARK_PUBLIC => __('Multisite Blog Made Private', 'wordfence'), self::MULTISITE_BLOG_UNMARK_SPAM => __('Multisite Blog Unmarked as Spam', 'wordfence'), self::MULTISITE_USER_CREATED => __('Multisite User Created', 'wordfence'), self::MULTISITE_USER_DELETED => __('Multisite User Deleted', 'wordfence'), self::MULTISITE_USER_ACTIVATED => __('Multisite User Activated', 'wordfence'), self::MULTISITE_USER_ADDED => __('User Added to Multisite Blog', 'wordfence'), self::MULTISITE_USER_REMOVED => __('User Removed from Multisite Blog', 'wordfence'), self::MULTISITE_USER_INVITED => __('User Invited to Multisite Blog', 'wordfence'), self::MULTISITE_USER_SIGNED_UP => __('User Signed Up on Multisite Blog', 'wordfence'), self::MULTISITE_NETWORK_OPTION_ACTIVE_PLUGINS => __('Multisite Network Plugins Changed', 'wordfence'), self::USER_SUPER_ADMIN_GRANTED => __('Super Admin Granted to User', 'wordfence'), self::USER_SUPER_ADMIN_REVOKED => __('Super Admin Revoked from User', 'wordfence'), ); } public static function eventRateLimiters() { return array(); } /** * Registers the observers for this class's chunk of functionality. * * @param wfAuditLog $auditLog */ protected static function _registerObservers($auditLog) { if (!is_multisite()) { return; } $auditLog->_addObserver('activate_blog', function($id) use ($auditLog) { //Multisite blog activated (from deactivated state -- WP uses trashed/untrashed pattern internally for this) $blog = get_blog_details(array('blog_id' => $id)); $auditLog->_recordAction(self::MULTISITE_BLOG_ACTIVATED, array('blog' => $auditLog->_sanitizeMultisiteData(false, $blog))); }); $auditLog->_addObserver('wp_insert_site', function($blog) use ($auditLog) { //Multisite blog created $auditLog->_recordAction(self::MULTISITE_BLOG_CREATED, array('blog' => $auditLog->_sanitizeMultisiteData(false, $blog))); }); $auditLog->_addObserver('wp_delete_site', function($blog) use ($auditLog) { //Multisite blog deleted if ($auditLog->_hasState('wp_validate_site_deletion.blog')) { $auditLog->_recordAction(self::MULTISITE_BLOG_DELETED, array('blog' => $auditLog->_getState('wp_validate_site_deletion.blog'))); } }); $auditLog->_addObserver('wp_update_site', function($new_blog, $old_blog) use ($auditLog) { //Multisite blog updated $before = $auditLog->_sanitizeMultisiteData(false, $old_blog); $after = $auditLog->_sanitizeMultisiteData(false, $new_blog); $changes = array_keys($auditLog->_multisiteDiff($before, $after)); $auditLog->_recordAction(self::MULTISITE_BLOG_UPDATED, array('blog' => $after, 'changes' => $changes)); }); $auditLog->_addObserver('archive_blog', function($blog_id) use ($auditLog) { //Multisite blog archived $blog = get_blog_details(array('blog_id' => $blog_id)); $auditLog->_recordAction(self::MULTISITE_BLOG_MARK_ARCHIVED, array('blog' => $auditLog->_sanitizeMultisiteData(false, $blog))); }); $auditLog->_addObserver('unarchive_blog', function($blog_id) use ($auditLog) { //Multisite blog unarchived $blog = get_blog_details(array('blog_id' => $blog_id)); $auditLog->_recordAction(self::MULTISITE_BLOG_UNMARK_ARCHIVED, array('blog' => $auditLog->_sanitizeMultisiteData(false, $blog))); }); $auditLog->_addObserver('make_delete_blog', function($blog_id) use ($auditLog) { //Multisite blog trashed $blog = get_blog_details(array('blog_id' => $blog_id)); $auditLog->_recordAction(self::MULTISITE_BLOG_MARK_DELETED, array('blog' => $auditLog->_sanitizeMultisiteData(false, $blog))); }); $auditLog->_addObserver('make_undelete_blog', function($blog_id) use ($auditLog) { //Multisite blog untrashed $blog = get_blog_details(array('blog_id' => $blog_id)); $auditLog->_recordAction(self::MULTISITE_BLOG_UNMARK_DELETED, array('blog' => $auditLog->_sanitizeMultisiteData(false, $blog))); }); $auditLog->_addObserver('update_blog_public', function($blog_id, $public) use ($auditLog) { //Multisite blog made public/private $blog = get_blog_details(array('blog_id' => $blog_id)); $auditLog->_recordAction(wfUtils::truthyToBoolean($public) ? self::MULTISITE_BLOG_MARK_PUBLIC : self::MULTISITE_BLOG_UNMARK_PUBLIC, array('blog' => $auditLog->_sanitizeMultisiteData(false, $blog))); }); $auditLog->_addObserver('make_spam_blog', function($blog_id) use ($auditLog) { //Multisite blog marked spam $blog = get_blog_details(array('blog_id' => $blog_id)); $auditLog->_recordAction(self::MULTISITE_BLOG_MARK_SPAM, array('blog' => $auditLog->_sanitizeMultisiteData(false, $blog))); }); $auditLog->_addObserver('make_ham_blog', function($blog_id) use ($auditLog) { //Multisite blog unmarked spam $blog = get_blog_details(array('blog_id' => $blog_id)); $auditLog->_recordAction(self::MULTISITE_BLOG_UNMARK_SPAM, array('blog' => $auditLog->_sanitizeMultisiteData(false, $blog))); }); $auditLog->_addObserver('after_signup_site', function($domain, $path, $title, $user, $user_email, $key, $meta) use ($auditLog) { //Multisite blog signup $auditLog->_recordAction(self::MULTISITE_BLOG_SIGNUP_SUBMITTED, array( 'blog' => array( 'blog_domain' => $domain, 'blog_path' => $path, 'blog_name' => $title, ), 'user' => array( 'user_login' => $user, ), )); }); $auditLog->_addObserver('add_user_to_blog', function($user_id, $role, $blog_id) use ($auditLog) { //User added to multisite blog $user = get_user_by('ID', $user_id); $blog = get_blog_details(array('blog_id' => $blog_id)); $auditLog->_recordAction(self::MULTISITE_USER_ADDED, array('blog' => $auditLog->_sanitizeMultisiteData(false, $blog), 'user' => $auditLog->_sanitizeUserdata($user), 'role' => $role)); }); $auditLog->_addObserver('wpmu_new_user', function($user_id) use ($auditLog) { //New unprivileged multisite user created $user = get_user_by('ID', $user_id); $auditLog->_recordAction(self::MULTISITE_USER_CREATED, array('user' => $auditLog->_sanitizeUserdata($user))); }); $auditLog->_addObserver('wpmu_delete_user', function($id, $user) use ($auditLog) { //Multisite user will be deleted $auditLog->_recordAction(self::MULTISITE_USER_DELETED, array('user' => $auditLog->_sanitizeUserdata($user))); }); $auditLog->_addObserver('invite_user', function($user_id, $role, $newuser_key) use ($auditLog) { //Multisite user invited to blog $user = get_user_by('ID', $user_id); $blog = get_blog_details(); $auditLog->_recordAction(self::MULTISITE_USER_INVITED, array('blog' => $auditLog->_sanitizeMultisiteData(false, $blog), 'user' => $auditLog->_sanitizeUserdata($user), 'role' => $role)); }); $auditLog->_addObserver('remove_user_from_blog', function($user_id, $blog_id, $reassign_id) use ($auditLog) { //Multisite user removed from blog $user = get_user_by('ID', $user_id); $blog = get_blog_details(array('blog_id' => $blog_id)); $reassign = get_user_by('ID', $reassign_id); $auditLog->_recordAction(self::MULTISITE_USER_REMOVED, array('blog' => $auditLog->_sanitizeMultisiteData(false, $blog), 'user' => $auditLog->_sanitizeUserdata($user), 'reassign' => $auditLog->_sanitizeUserdata($reassign))); }); $auditLog->_addObserver('after_signup_user', function($user, $user_email, $key, $meta) use ($auditLog) { //Multisite user signup $auditLog->_recordAction(self::MULTISITE_USER_SIGNED_UP, array( 'user' => array( 'user_login' => $user, ), )); }); $auditLog->_addObserver('granted_super_admin', function($user_id) use ($auditLog) { //Super admin granted $user = get_user_by('ID', $user_id); $auditLog->_recordAction(self::USER_SUPER_ADMIN_GRANTED, $auditLog->_sanitizeUserdata($user)); }); $auditLog->_addObserver('revoked_super_admin', function($user_id) use ($auditLog) { //Super admin revoked $user = get_user_by('ID', $user_id); $auditLog->_recordAction(self::USER_SUPER_ADMIN_REVOKED, $auditLog->_sanitizeUserdata($user)); }); } /** * Registers the data gatherers for this class's chunk of functionality. * * @param wfAuditLog $auditLog */ protected static function _registerDataGatherers($auditLog) { if (!is_multisite()) { return; } $auditLog->_addObserver('wp_validate_site_deletion', function($errors, $blog) use ($auditLog) { //Multisite site will be deleted $auditLog->_trackState('wp_validate_site_deletion.blog', $auditLog->_sanitizeMultisiteData(false, $blog)); }); $auditLog->_addObserver('update_site_option_active_sitewide_plugins', function($option, $value, $old_value, $network_id) use ($auditLog) { //Network active plugins changed if (!$auditLog->_hasState('update_site_option_active_sitewide_plugins.old', 0)) { $auditLog->_trackState('update_site_option_active_sitewide_plugins.old', $old_value, 0); } $auditLog->_trackState('update_site_option_active_sitewide_plugins.new', $value, 0); $auditLog->_needsDestruct(); }); } /** * Registers the coalescers for this class's chunk of functionality. * * @param wfAuditLog $auditLog */ protected static function _registerCoalescers($auditLog) { if (!is_multisite()) { return; } $auditLog->_addCoalescer(function() use ($auditLog) { //Network active plugins changed $old = $auditLog->_getState('update_site_option_active_sitewide_plugins.old', 0); if (!is_array($old) || !count($old)) { return; } $new = $auditLog->_getState('update_site_option_active_sitewide_plugins.new', 0); $diff = wfUtils::array_diff($old, $new); $auditLog->_recordAction(self::MULTISITE_NETWORK_OPTION_ACTIVE_PLUGINS, array('plugins' => $new, 'diff' => $diff)); }); } }PK!AL6++wfAuditLogObserversPreview.phpnu„[µü¤PK!êt|$G$G+_+wfAuditLogObserversWordPressCoreContent.phpnu„[µü¤PK!a ´Ÿ11(ÞrwfAuditLogObserversWordPressCoreUser.phpnu„[µü¤PK!©Õ Ó]‚]‚ <¤wfAuditLogObserversWordfence.phpnu„[µü¤PK!È‘ºÀXX(é&wfAuditLogObserversWordPressCoreSite.phpnu„[µü¤PK!öˆæh6h6-_wfAuditLogObserversWordPressCoreMultisite.phpnu„[µü¤PKf$¶