Modernise Github actions

.github/workflows/test.yml

@@ -8,20 +8,17 @@ jobs:
     name: PHP Tests
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - uses: shivammathur/setup-php@v2
         with:
-          php-version: '7.4'
-
+          php-version: '8.2'
       - name: Install dependencies
         run: |
+            composer global config allow-plugins.dealerdirect/phpcodesniffer-composer-installer true
             composer global require squizlabs/php_codesniffer wp-coding-standards/wpcs
-            phpcs --config-set installed_paths /home/runner/.composer/vendor/wp-coding-standards/wpcs
-
       - name: PHPCS
         run: |
             phpcs --config-set show_warnings 0
             phpcs
-
       # - name: PHPUnit
       #   run: php -d memory_limit=-1 ./vendor/bin/phpunit

.github/workflows/version-update.yml

@@ -3,13 +3,14 @@ name: Update WP plugin version to match Git tag
 on: push
 
 jobs:
-    tag-new-versions:
-      runs-on: ubuntu-latest
-      steps:
-        - uses: actions/checkout@v2
-          with:
-            fetch-depth: 2
-        - uses: salsify/action-detect-and-tag-new-version@v2
-          with:
-            version-command: |
-              grep "Version: " itsec-login-logs.php | sed -e 's/^.*Version: *//'
+  tag-new-versions:
+    runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/master'
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 2
+      - uses: salsify/action-detect-and-tag-new-version@v2
+        with:
+          version-command: |
+            grep "Version: " itsec-login-logs.php | sed -e 's/^.*Version: *//'

README.md

@@ -2,6 +2,7 @@
 
 Adds an entry into the iThemes Security (free) logs (notices), for each successful user login.
 
+
 ## Installation
 
 ```bash
@@ -12,6 +13,7 @@ composer config repositories.pvtl-itsec-login-logs git https://github.com/pvtl/w
 composer require "pvtl/pvtl-itsec-login-logs:~1.0"
 ```
 
+
 ## Versioning
 
 _Do not manually create tags_.

itsec-login-logs.php

@@ -47,6 +47,10 @@ function pvtl_itsec_log_logins( $user ) {
 
 	// Login was successful - log it.
 	try {
+		$request_scheme = ( ! empty( $_SERVER['REQUEST_SCHEME'] ) ) ? sanitize_text_field( $_SERVER['REQUEST_SCHEME'] ) : 'http';
+		$http_host = ( ! empty( $_SERVER['HTTP_HOST'] ) ) ? sanitize_text_field( $_SERVER['HTTP_HOST'] ) : 'localhost';
+		$request_uri = ( ! empty( $_SERVER['REQUEST_URI'] ) ) ? explode( '?', sanitize_text_field( $_SERVER['REQUEST_URI'] ), 2 )[0] : '/';
+
 		ITSEC_Log::add_notice(
 			'Login', // 'user_logging', // Module.
 			'User successfully logged in', // "user-logged-in::user-{$user->ID}", // Code.
@@ -60,7 +64,7 @@ function pvtl_itsec_log_logins( $user ) {
 			array(
 				'user_id' => $user->ID,
 				// URL without query params - which can expose the likes of SSO tokens.
-				'url' => $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'] . explode( '?', $_SERVER['REQUEST_URI'], 2 )[0],
+				'url' => "{$request_scheme}://{$http_host}{$request_uri}",
 			) // Overrides.
 		);
 	} catch ( Exception $e ) {
@@ -84,7 +88,7 @@ function pvtl_itsec_log_logins( $user ) {
  * @return int
  */
 function pvtl_cookie_expiration( $length ) {
-	return ( pvtl_itsec_is_enabled() ) ? ( 60 /* seconds */ * 60 /* minutes */ * 8 /* hours */ ) : $length;
+	return ( pvtl_itsec_is_enabled() ) ? ( 8 * HOUR_IN_SECONDS ) : $length;
 }
 
 add_filter( 'auth_cookie_expiration', 'pvtl_cookie_expiration', 99 );

phpcs.xml

@@ -14,10 +14,16 @@
     <!-- Show sniff codes in all reports -->
     <arg value="ns"/>
 
+    <!-- Include the WordPress standard. -->
+    <rule ref="WordPress">
+        <!-- Exclude any rules here -->
+        <exclude name="WordPress.Security.ValidatedSanitizedInput.MissingUnslash"/>
+    </rule>
+
     <!-- Include the WordPress-Extra standard. -->
     <rule ref="WordPress-Extra">
         <!-- Exclude any rules here -->
-        <exclude name="WordPress.PHP.DisallowShortTernary"/>
+        <!-- <exclude name="WordPress.PHP.DisallowShortTernary"/> -->
         <exclude name="WordPress.Files.FileName.InvalidClassFileName"/>
     </rule>