Changeset 1070808
- Timestamp:
- 01/19/2015 06:01:40 AM (10 years ago)
- Location:
- https-mixed-content-detector
- Files:
-
- 13 added
- 8 edited
https-mixed-content-detector/trunk/beacon.php
r1059828 r1070808 72 72 'show_in_admin_bar' => false, 73 73 'menu_position' => 25, 74 'menu_icon' => null,74 'menu_icon' => , 75 75 'can_export' => false, 76 76 'delete_with_user' => false, … … 115 115 public function manage_edit_csp_report_columns( $columns ) { 116 116 unset( $columns['title'] ); 117 118 $columns['blocked-uri'] = __( 'Blocked URI', 'zdt-mdc' ); 119 $columns['document-uri'] = __( 'Document URI', 'zdt-mdc' ); 120 $columns['referrer'] = __( 'Referrer', 'zdt-mdc' ); 121 $columns['violated-directive'] = __( 'Violated Directive', 'zdt-mdc' ); 122 $columns['original-policy'] = __( 'Original Policy', 'zdt-mdc' ); 117 unset( $columns['date'] ); 118 119 $columns['blocked-uri'] = __( 'Blocked URI', 'zdt-mcd' ); 120 $columns['document-uri'] = __( 'Document URI', 'zdt-mcd' ); 121 $columns['referrer'] = __( 'Referrer', 'zdt-mcd' ); 122 $columns['violated-directive'] = __( 'Violated Directive', 'zdt-mcd' ); 123 $columns['report-date'] = __( 'Date', 'zdt-mcd' ); 124 $columns['location'] = __( 'Location', 'zdt-mcd' ); 125 $columns['resolve-status'] = __( 'Resolved', 'zdt-mcd' ); 126 $columns['secure-status'] = __( 'Secure URI', 'zdt-mcd' ); 123 127 124 128 return $columns; … … 137 141 switch ( $column ) { 138 142 case 'blocked-uri' : 139 echo esc_url( get_ the_title( $post_id) );143 echo esc_url( get_ ) ); 140 144 break; 141 145 … … 154 158 break; 155 159 156 case 'original-policy' : 157 $original_policy = get_post_meta( $post_id , 'original-policy' , true ); 158 echo ( ! empty( $original_policy ) ) ? 
esc_html( wp_strip_all_tags( $original_policy ) ) : __( 'N/A', 'zdt-mcd' ); 160 case 'report-date' : 161 echo human_time_diff( get_the_date( 'U', get_the_ID() ) ); 162 break; 163 164 case 'location': 165 $location_id = get_post_meta( get_the_ID(), 'location', true ); 166 $collector = mcd_get_mixed_content_detector()->violation_location_collector; 167 $location = $collector->get_item( $location_id ); 168 169 if ( method_exists( $location, 'get_location_name' ) ) { 170 echo esc_html( $location->get_location_name() ); 171 } else if ( 'unknown' === $location_id ) { 172 echo __( 'Unknown', 'zdt-mcd' ); 173 } else { 174 echo __( 'N/A', 'zdt-mcd' ); 175 } 176 177 break; 178 179 case 'resolve-status': 180 echo ( 1 === (int) get_post_meta( get_the_ID(), 'resolved', true ) ) ? __( 'Yes', 'zdt-mcd' ) : __( 'No', 'zdt-mcd' ); 181 break; 182 183 case 'secure-status': 184 $status = (int) get_post_meta( get_the_ID(), 'valid-https-uri', true ); 185 186 if ( 1 === $status ) { 187 $message = __( 'Yes', 'zdt-mcd' ); 188 } elseif ( 0 === $status ) { 189 $message = __( 'No', 'zdt-mcd' ); 190 } else { 191 $message = __( 'Unknown', 'zdt-mcd' ); 192 } 193 194 echo $message; 159 195 break; 160 196 } … … 171 207 */ 172 208 public function handle_report_uri() { 173 // If you can turn on the plugin, the beacon should work for you174 if ( ! current_user_can( 'activate_plugins' ) ) {175 return;176 }177 178 209 // Check to make sure the a beacon request has been made 179 210 if ( ! isset( $_GET['mcd'] ) || 'report' !== $_GET['mcd'] ) { 180 211 return; 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 181 232 } 182 233 … … 229 280 } 230 281 282 283 284 231 285 // Check if the domain supports HTTPS 232 286 if ( isset( $clean_data['blocked-uri'] ) ) { -
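Review bot: In `handle_report_uri()` the `current_user_can( 'activate_plugins' )` guard is removed, and the lines that replace it (new 212–231) are not visible in this rendering, so it is unclear from here what now limits who may submit a report. If anonymous reports are meant to be accepted only in sample mode, the capability check should stay for the non-sample case, e.g. `if ( ! MCD_SAMPLE_MODE && ! current_user_can( 'activate_plugins' ) ) { return; }`, placed after the `$_GET['mcd']` test. Sampling limits volume but does not authenticate the sender, so the handler should also bound the size of the request body and validate every field before it is stored as a `csp-report` post. The function body continues outside the hunk.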
https-mixed-content-detector/trunk/config.php
r1059828 r1070808 24 24 define( 'MCD_MONITOR_FRONT_END', true ); 25 25 } 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 -
https-mixed-content-detector/trunk/helpers.php
r1059828 r1070808 8 8 * 9 9 * @param int $num The number of violations to query. 10 10 11 * @return WP_Query The WP_Query containing the violations 11 12 */ 12 function mcd_get_violation_wp_query( $num = 999 ) {13 function mcd_get_violation_wp_query( $num = 999 ) { 13 14 // Determine number of violations to display 14 15 $num = ( ! empty( $num ) ) ? intval( $num ) : 999; // Use intval to allow -1 if desired 15 16 16 // Query for all violations 17 $violations = new WP_Query( array( 18 'post_type' => 'csp-report', 17 $args = array( 18 'post_type' => 'csp-report', 19 19 'posts_per_page' => $num, 20 'no_found_rows' => true, 21 ) ); 22 23 return $violations; 20 'no_found_rows' => true, 21 ); 22 23 // If a specific ID is queried, add it to the query 24 if ( 0 !== $id ) { 25 $args['p'] = absint( $id ); 26 $args['posts_per_page'] = 1; 27 } 28 29 return new WP_Query( $args ); 24 30 } 25 31 endif; … … 46 52 * 47 53 * @param int $num The number of violations to get. 54 48 55 * @return array The data for the violations. 49 56 */ 50 function mcd_get_violation_data( $num = 999 ) {57 function mcd_get_violation_data( $num = 999 ) { 51 58 // Set a data collector 52 59 $data = array(); 53 60 54 61 // Query for the violations 55 $violation_wp_query = mcd_get_violation_wp_query( $num );62 $violation_wp_query = mcd_get_violation_wp_query( $num ); 56 63 57 64 // Package up the important data … … 69 76 $original_policy = ( ! empty( $original_policy ) ) ? $original_policy : __( 'N/A', 'zdt-mcd' ); 70 77 78 79 80 71 81 $valid_https_uri = get_post_meta( get_the_ID(), 'valid-https-uri', true ); 72 82 $valid_https_uri = ( '0' === $valid_https_uri || '1' === $valid_https_uri ) ? 
intval( $valid_https_uri ) : -1; … … 74 84 $data[ get_the_ID() ] = array( 75 85 'id' => get_the_ID(), 76 'blocked-uri' => get_ the_title(),86 'blocked-uri' => get_), 77 87 'document-uri' => get_post_meta( get_the_ID(), 'document-uri', true ), 78 88 'referrer' => $referrer, 79 89 'violated-directive' => $v_directive, 80 90 'original-policy' => $original_policy, 91 81 92 'resolved' => absint( get_post_meta( get_the_ID(), 'resolved', true ) ), 82 93 'valid-https-uri' => $valid_https_uri, … … 245 256 } 246 257 endif; 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 -
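Review bot: The new `if ( 0 !== $id )` branch in `mcd_get_violation_wp_query()` compares strictly against integer 0, so a string such as `'0'` or `''` (WP-CLI arguments and request values arrive as strings) takes the branch and produces `'p' => 0` with `posts_per_page` forced to 1. The `$id` parameter is not visible in the rendered signature, so this assumes it is a second argument defaulting to 0. Normalising first avoids the mismatch: `$id = absint( $id );` before the test, then `$args['p'] = $id;`. The docblock should also carry a `@param int $id` line, if the blank added line 10 is not already that.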
https-mixed-content-detector/trunk/https-mixed-content-detector.php
r1059828 r1070808 4 4 * Plugin URI: https://github.com/tollmanz/wordpress-https-mixed-content-detector 5 5 * Description: A tool for proactively detecting mixed content issues in TLS enabled WordPress websites. 6 * Version: 1. 1.06 * Version: 1..0 7 7 * Author: Zack Tollman 8 8 * Author URI: https://www.tollmanz.com … … 25 25 * @var string The semantically versioned plugin version number. 26 26 */ 27 var $version = '1. 1.0';27 var $version = '1..0'; 28 28 29 29 /** … … 53 53 */ 54 54 var $url_base = ''; 55 56 57 58 59 60 61 62 63 55 64 56 65 /** … … 97 106 include $this->root_dir . '/policy.php'; 98 107 108 99 109 if ( defined('WP_CLI') && WP_CLI ) { 100 110 include $this->root_dir . '/wp-cli.php'; 101 111 } 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 102 167 } 103 168 } -
https-mixed-content-detector/trunk/policy.php
r1059828 r1070808 54 54 */ 55 55 public function add_cps_header() { 56 if ( ! is_user_logged_in() ) { 57 return; 56 /** 57 * The CSP header is added should be added if we are in sample mode or if not in sample mode *and* logged in. 58 * Sample mode will set set a header for every request; however, the beacon will only accept 59 * MCD_SAMPLE_FREQUENCY percent of requests. 60 */ 61 if ( false === MCD_SAMPLE_MODE ) { 62 if ( ! is_user_logged_in() ) { 63 return; 64 } 58 65 } 59 66 -
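Review bot: `false === MCD_SAMPLE_MODE` in `add_cps_header()` is a strict comparison, so a site that defines the constant as `0`, `'0'` or `''` skips the logged-in check and sends the header to every visitor, as if sample mode were on. A truthiness test keeps the logged-in restriction as the default: `if ( ! MCD_SAMPLE_MODE && ! is_user_logged_in() ) { return; }`. The constant's definition in config.php is not visible in this rendering, so confirm it is always a boolean if the strict form is kept. The added comment has two slips ("is added should be added", "set set") and could open with `The CSP header is added in sample mode, or outside sample mode only for logged-in users.` The function continues outside the hunk.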
https-mixed-content-detector/trunk/readme.txt
r1059828 r1070808 4 4 Requires at least: 4.0.1 5 5 Tested up to: trunk 6 Stable tag: 1. 1.06 Stable tag: 1..0 7 7 License: GPLv2 or later 8 8 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 35 35 36 36 1. Content Security Policy reports are collected in the Content Security Policy Reports list table. 37 37 38 38 39 == Changelog == 40 41 42 43 44 39 45 40 46 = 1.1.0 = … … 54 60 == Upgrade Notice == 55 61 62 63 64 56 65 = 1.1.0 = 57 66 Adds HTTPS domain checking, WP CLI commands and more specific CSP directives -
https-mixed-content-detector/trunk/wp-cli.php
r1059828 r1070808 42 42 $value = $unresolved; 43 43 } else { 44 $value = __( '-', 'zdt-m dc' );44 $value = __( '-', 'zdt-m' ); 45 45 } 46 46 } … … 59 59 // Set up the Headers and Footers 60 60 $header_footers = array( 61 __( 'ID', 'zdt-mdc' ), 62 __( 'Blocked URI', 'zdt-mdc' ), 63 __( 'Document URI', 'zdt-mdc' ), 64 __( 'Referrer', 'zdt-mdc' ), 65 __( 'Violated Directive', 'zdt-mdc' ), 66 __( 'R', 'zdt-mdc' ), 67 __( 'S', 'zdt-mdc' ), 61 __( 'ID', 'zdt-mcd' ), 62 __( 'Blocked URI', 'zdt-mcd' ), 63 __( 'Document URI', 'zdt-mcd' ), 64 __( 'Referrer', 'zdt-mcd' ), 65 __( 'Directive', 'zdt-mcd' ), 66 __( 'Location', 'zdt-mcd' ), 67 __( 'R', 'zdt-mcd' ), 68 __( 'S', 'zdt-mcd' ), 68 69 ); 69 70 … … 77 78 WP_CLI::line( "\n R = Resolved, S = Secure URI Available\n" ); 78 79 } else { 79 WP_CLI::warning( __( 'There are no CSP violations logged.', 'zdt-m dc' ) );80 WP_CLI::warning( __( 'There are no CSP violations logged.', 'zdt-m' ) ); 80 81 } 81 82 } … … 254 255 WP_CLI::success( $message ); 255 256 } 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 256 346 } 257 347 endif;