Merge remote-tracking branch 'refs/remotes/origin/master' into fix/de…

…v-env

# Conflicts:
#	.travis.yml
#	composer.json
#	composer.lock
#	package-lock.json
#	tests/tests/test-class-admin.php
#	tests/tests/test-class-alerts.php

alerts/class-alert-type-menu-alert.php

@@ -141,8 +141,6 @@ public function menu_alert( $wp_admin_bar ) {
 	/**
 	 * Get a list of all current alert messages for current user.
 	 *
-	 * @todo update this for VIP. (get_user_meta)
-	 *
 	 * @return array List of alert messages
 	 */
 	public function get_messages() {

classes/class-admin.php

@@ -191,13 +191,6 @@ public function __construct( $plugin ) {
 			)
 		);
 
-		/**
-		 * Uninstall Streams and Deactivate plugin.
-		 *
-		 * @todo Confirm if variable assignment is necessary.
-		 */
-		$uninstall = $this->plugin->db->driver->purge_storage( $this->plugin );
-
 		// Auto purge setup.
 		add_action( 'wp_loaded', array( $this, 'purge_schedule_setup' ) );
 		add_action(
@@ -227,6 +220,12 @@ public function init() {
 		$this->network     = new Network( $this->plugin );
 		$this->live_update = new Live_Update( $this->plugin );
 		$this->export      = new Export( $this->plugin );
+
+		// Check if the host has configured the `REMOTE_ADDR` correctly.
+		$client_ip = $this->plugin->get_client_ip_address();
+		if ( empty( $client_ip ) && $this->is_stream_screen() ) {
+			$this->notice( __( 'Stream plugin can\'t determine a reliable client IP address! Please update the hosting environment to set the $_SERVER[\'REMOTE_ADDR\'] variable or use the wp_stream_client_ip_address filter to specify the verified client IP address!', 'stream' ) );
+		}
 	}
 
 	/**
@@ -472,7 +471,6 @@ public function admin_enqueue_scripts( $hook ) {
 					'i18n'       => array(
 						'confirm_purge'     => esc_html__( 'Are you sure you want to delete all Stream activity records from the database? This cannot be undone.', 'stream' ),
 						'confirm_defaults'  => esc_html__( 'Are you sure you want to reset all site settings to default? This cannot be undone.', 'stream' ),
-						'confirm_uninstall' => esc_html__( 'Are you sure you want to uninstall and deactivate Stream? This will delete all Stream tables from the database and cannot be undone.', 'stream' ),
 					),
 					'locale'     => esc_js( $locale ),
 					'gmt_offset' => get_option( 'gmt_offset' ),
@@ -540,15 +538,21 @@ public function admin_enqueue_scripts( $hook ) {
 	 * @return bool
 	 */
 	public function is_stream_screen() {
-		if ( is_admin() && false !== strpos( wp_stream_filter_input( INPUT_GET, 'page' ), $this->records_page_slug ) ) {
-			return true;
+		if ( ! is_admin() ) {
+			return false;
 		}
 
-		$screen = get_current_screen();
-		if ( is_admin() && Alerts::POST_TYPE === $screen->post_type ) {
+		$page = wp_stream_filter_input( INPUT_GET, 'page' );
+		if ( is_string( $page ) && false !== strpos( $page, $this->records_page_slug ) ) {
 			return true;
 		}
 
+		if ( is_admin() && function_exists( 'get_current_screen' ) ) {
+			$screen = get_current_screen();
+
+			return ( Alerts::POST_TYPE === $screen->post_type );
+		}
+
 		return false;
 	}
 
@@ -817,18 +821,6 @@ public function plugin_action_links( $links, $file ) {
 
 		$links[] = sprintf( '<a href="%s">%s</a>', esc_url( $admin_page_url ), esc_html__( 'Settings', 'default' ) );
 
-		if ( ! defined( 'DISALLOW_FILE_MODS' ) || false === DISALLOW_FILE_MODS ) {
-			$url = add_query_arg(
-				array(
-					'action'          => 'wp_stream_uninstall',
-					'wp_stream_nonce' => wp_create_nonce( 'stream_nonce' ),
-				),
-				admin_url( 'admin-ajax.php' )
-			);
-
-			$links[] = sprintf( '<span id="wp_stream_uninstall" class="delete"><a href="%s">%s</a></span>', esc_url( $url ), esc_html__( 'Uninstall', 'stream' ) );
-		}
-
 		return $links;
 	}
 
@@ -1086,10 +1078,6 @@ public function get_users_record_meta( $authors ) {
 	 * @return mixed
 	 */
 	public function get_user_meta( $user_id, $meta_key, $single = true ) {
-		if ( wp_stream_is_vip() && function_exists( 'get_user_attribute' ) ) {
-			return get_user_attribute( $user_id, $meta_key );
-		}
-
 		return get_user_meta( $user_id, $meta_key, $single );
 	}
 
@@ -1104,10 +1092,6 @@ public function get_user_meta( $user_id, $meta_key, $single = true ) {
 	 * @return int|bool
 	 */
 	public function update_user_meta( $user_id, $meta_key, $meta_value, $prev_value = '' ) {
-		if ( wp_stream_is_vip() && function_exists( 'update_user_attribute' ) ) {
-			return update_user_attribute( $user_id, $meta_key, $meta_value );
-		}
-
 		return update_user_meta( $user_id, $meta_key, $meta_value, $prev_value );
 	}
 
@@ -1121,10 +1105,6 @@ public function update_user_meta( $user_id, $meta_key, $meta_value, $prev_value
 	 * @return bool
 	 */
 	public function delete_user_meta( $user_id, $meta_key, $meta_value = '' ) {
-		if ( wp_stream_is_vip() && function_exists( 'delete_user_attribute' ) ) {
-			return delete_user_attribute( $user_id, $meta_key, $meta_value );
-		}
-
 		return delete_user_meta( $user_id, $meta_key, $meta_value );
 	}
 }

classes/class-alert.php

@@ -186,7 +186,7 @@ public function update_meta( $meta_key, $meta_value, $prev_value = '' ) {
 	/**
 	 * Determine the title of the alert.
 	 *
-	 * @todo enhance human readibility
+	 * @todo enhance human readability
 	 * @return string The title of the alert
 	 */
 	public function get_title() {
@@ -207,7 +207,7 @@ public function get_title() {
 	}
 
 	/**
-	 * Retreive current alert type object
+	 * Retrieve current alert type object
 	 *
 	 * @return Alert_Type
 	 */

classes/class-alerts-list.php

@@ -112,7 +112,7 @@ public function manage_columns( $columns ) {
 	public function column_data( $column_name, $post_id ) {
 
 		$alert = $this->plugin->alerts->get_alert( $post_id );
-		if ( ! $alert ) {
+		if ( false === $alert ) {
 			return;
 		}
 

classes/class-alerts.php

@@ -24,6 +24,11 @@ class Alerts {
 	 */
 	const ALERTS_TRIGGERED_META_KEY = 'wp_stream_alerts_triggered';
 
+	/**
+	 * Capability required to access alerts.
+	 */
+	const CAPABILITY = 'manage_options';
+
 	/**
 	 * Holds Instance of plugin object
 	 *
@@ -280,6 +285,10 @@ public function check_records( $record_id, $recordarr ) {
 		foreach ( $alerts->posts as $alert ) {
 			$alert = $this->get_alert( $alert->ID );
 
+			if ( false === $alert ) {
+				continue;
+			}
+
 			$status = $alert->check_record( $record_id, $recordarr );
 			if ( $status ) {
 				$alert->send_alert( $record_id, $recordarr ); // @todo send_alert expects int, not array.
@@ -363,14 +372,14 @@ public function register_post_type() {
 			'show_in_menu'        => false, // @see modify_admin_menu
 			'supports'            => false,
 			'capabilities'        => array(
-				'publish_posts'       => 'manage_options',
-				'edit_others_posts'   => 'manage_options',
-				'delete_posts'        => 'manage_options',
-				'delete_others_posts' => 'manage_options',
-				'read_private_posts'  => 'manage_options',
-				'edit_post'           => 'manage_options',
-				'delete_post'         => 'manage_options',
-				'read_post'           => 'manage_options',
+				'publish_posts'       => self::CAPABILITY,
+				'edit_others_posts'   => self::CAPABILITY,
+				'delete_posts'        => self::CAPABILITY,
+				'delete_others_posts' => self::CAPABILITY,
+				'read_private_posts'  => self::CAPABILITY,
+				'edit_post'           => self::CAPABILITY,
+				'delete_post'         => self::CAPABILITY,
+				'read_post'           => self::CAPABILITY,
 			),
 		);
 
@@ -444,7 +453,7 @@ public function register_menu() {
 			$this->plugin->admin->records_page_slug,
 			__( 'Alerts', 'stream' ),
 			__( 'Alerts', 'stream' ),
-			'manage_options',
+			self::CAPABILITY,
 			'edit.php?post_type=wp_stream_alerts'
 		);
 	}
@@ -512,8 +521,10 @@ public function display_notification_box( $post = array() ) {
 		$alert      = null;
 		$alert_type = 'none';
 		if ( is_object( $post ) ) {
-			$alert      = $this->get_alert( $post->ID );
-			$alert_type = $alert->alert_type;
+			$alert = $this->get_alert( $post->ID );
+			if ( false !== $alert ) {
+				$alert_type = $alert->alert_type;
+			}
 		}
 		$form = new Form_Generator();
 
@@ -550,11 +561,18 @@ public function display_notification_box( $post = array() ) {
 	 * @return void
 	 */
 	public function load_alerts_settings() {
+		if ( ! current_user_can( self::CAPABILITY ) ) {
+			wp_send_json_error(
+				array(
+					'message' => 'You do not have permission to do this.',
+				)
+			);
+		}
 		$alert   = array();
 		$post_id = wp_stream_filter_input( INPUT_POST, 'post_id' );
 		if ( ! empty( $post_id ) ) {
 			$alert = $this->get_alert( $post_id );
-			if ( ! $alert ) {
+			if ( false === $alert ) {
 				wp_send_json_error(
 					array(
 						'message' => 'Could not find alert.',
@@ -594,11 +612,14 @@ public function load_alerts_settings() {
 	 * @return void
 	 */
 	public function display_triggers_box( $post = array() ) {
+		$alert = false;
 		if ( is_object( $post ) ) {
 			$alert = $this->get_alert( $post->ID );
-		} else {
+		}
+		if ( false === $alert ) {
 			$alert = array();
 		}
+
 		$form = new Form_Generator();
 		do_action( 'wp_stream_alert_trigger_form_display', $form, $alert );
 		// @TODO use human readable text.

classes/class-db-driver-wpdb.php

@@ -170,13 +170,8 @@ public function setup_storage( $plugin ) {
 	 * Purge storage.
 	 *
 	 * @param \WP_Stream\Plugin $plugin Instance of the plugin.
-	 * @return \WP_Stream\Uninstall
 	 */
 	public function purge_storage( $plugin ) {
-		$uninstall = new Uninstall( $plugin );
-		add_action( 'wp_ajax_wp_stream_uninstall', array( $uninstall, 'uninstall' ) );
-
-		return $uninstall;
+		// @TODO: Not doing anything here until the deactivation/uninstall flow has been rethought.
 	}
-
 }

classes/class-list-table.php

@@ -151,12 +151,12 @@ public function get_hidden_columns() {
 		}
 
 		// Directly checking the user meta; to check whether user has changed screen option or not.
-		$hidden = $this->plugin->admin->get_user_meta( $user->ID, 'manage' . $this->screen->id . 'columnshidden', true );
+		$hidden = get_user_meta( $user->ID, 'manage' . $this->screen->id . 'columnshidden', true );
 
 		// If user meta is not found; add the default hidden column 'id'.
 		if ( ! $hidden ) {
 			$hidden = array( 'id' );
-			$this->plugin->admin->update_user_meta( $user->ID, 'manage' . $this->screen->id . 'columnshidden', $hidden );
+			update_user_meta( $user->ID, 'manage' . $this->screen->id . 'columnshidden', $hidden );
 		}
 
 		return $hidden;
@@ -1139,7 +1139,7 @@ public function screen_controls( $status, $args ) {
 		if ( 'on' === $option && 'false' === $heartbeat ) {
 			$option = 'off';
 
-			$this->plugin->admin->update_user_meta( $user_id, $this->plugin->admin->live_update->user_meta_key, 'off' );
+			update_user_meta( $user_id, $this->plugin->admin->live_update->user_meta_key, 'off' );
 		}
 
 		$nonce = wp_create_nonce( $this->plugin->admin->live_update->user_meta_key . '_nonce' );

classes/class-live-update.php

@@ -72,14 +72,14 @@ public function enable_live_update() {
 		$user = (int) $input['user'];
 
 		if ( 'false' === $input['heartbeat'] ) {
-			$this->plugin->admin->update_user_meta( $user, $this->user_meta_key, 'off' );
+			update_user_meta( $user, $this->user_meta_key, 'off' );
 
 			wp_send_json_error( esc_html__( "Live updates could not be enabled because Heartbeat is not loaded.\n\nYour hosting provider or another plugin may have disabled it for performance reasons.", 'stream' ) );
 
 			return;
 		}
 
-		$success = $this->plugin->admin->update_user_meta( $user, $this->user_meta_key, $checked );
+		$success = update_user_meta( $user, $this->user_meta_key, $checked );
 
 		if ( $success ) {
 			wp_send_json_success( ( 'on' === $checked ) ? 'Live Updates enabled' : 'Live Updates disabled' );
@@ -170,7 +170,7 @@ public function gather_updated_items( $last_time, $args = array() ) {
 	/**
 	 * Handles live updates for Stream Post List
 	 *
-	 * @action heartbeat_recieved
+	 * @action heartbeat_received
 	 *
 	 * @param array $response Response to be sent to heartbeat tick.
 	 * @param array $data     Data from heartbeat send.
@@ -183,7 +183,7 @@ public function heartbeat_received( $response, $data ) {
 			return $response;
 		}
 
-		$enable_stream_update = ( 'off' !== $this->plugin->admin->get_user_meta( get_current_user_id(), $this->user_meta_key ) );
+		$enable_stream_update = ( 'off' !== get_user_meta( get_current_user_id(), $this->user_meta_key ) );
 
 		// Register list table.
 		$this->list_table = new List_Table(

classes/class-log.php

@@ -19,14 +19,6 @@ class Log {
 	 */
 	public $plugin;
 
-	/**
-	 * Hold Current visitors IP Address.
-	 *
-	 * @var string
-	 */
-	private $ip_address;
-
-
 	/**
 	 * Previous Stream record ID, used for chaining same-session records
 	 *
@@ -42,12 +34,6 @@ class Log {
 	public function __construct( $plugin ) {
 		$this->plugin = $plugin;
 
-		// Support proxy mode by checking the `X-Forwarded-For` header first.
-		$ip_address = wp_stream_filter_input( INPUT_SERVER, 'HTTP_X_FORWARDED_FOR', FILTER_VALIDATE_IP );
-		$ip_address = $ip_address ? $ip_address : wp_stream_filter_input( INPUT_SERVER, 'REMOTE_ADDR', FILTER_VALIDATE_IP );
-
-		$this->ip_address = $ip_address;
-
 		// Ensure function used in various methods is pre-loaded.
 		if ( ! function_exists( 'is_plugin_active_for_network' ) ) {
 			require_once ABSPATH . '/wp-admin/includes/plugin.php';
@@ -87,9 +73,11 @@ public function log( $connector, $message, $args, $object_id, $context, $action,
 			return false;
 		}
 
+		$ip_address = $this->plugin->get_client_ip_address();
+
 		$user = new \WP_User( $user_id );
 
-		if ( $this->is_record_excluded( $connector, $context, $action, $user ) ) {
+		if ( $this->is_record_excluded( $connector, $context, $action, $user, $ip_address ) ) {
 			return false;
 		}
 
@@ -140,7 +128,7 @@ function ( $var ) {
 			'connector' => (string) $connector,
 			'context'   => (string) $context,
 			'action'    => (string) $action,
-			'ip'        => (string) $this->ip_address,
+			'ip'        => (string) $ip_address,
 			'meta'      => (array) $stream_meta,
 		);
 
@@ -174,12 +162,6 @@ public function is_record_excluded( $connector, $context, $action, $user = null,
 			$user = wp_get_current_user();
 		}
 
-		if ( is_null( $ip ) ) {
-			$ip = $this->ip_address;
-		} else {
-			$ip = wp_stream_filter_var( $ip, FILTER_VALIDATE_IP );
-		}
-
 		if ( ! empty( $user->roles ) ) {
 			$roles = array_values( $user->roles );
 			$role  = $roles[0];