From ea62c2b281459dcb60a51ed8bf4bd0d17922fe18 Mon Sep 17 00:00:00 2001 From: nagao Date: Thu, 25 Jul 2019 18:47:05 +0900 Subject: [PATCH 1/2] bigfix --- wp-plugin-confirm.php | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/wp-plugin-confirm.php b/wp-plugin-confirm.php index 1555860..7b06e67 100644 --- a/wp-plugin-confirm.php +++ b/wp-plugin-confirm.php @@ -24,6 +24,7 @@ public function __construct() { add_action( 'admin_enqueue_scripts', array( $this, 'load_css_js' ) ); add_action( 'wp_dashboard_setup', array( $this, 'add_dashboard_widgets' ) ); add_action( 'init', array( $this, 'add_log' ) ); + add_action( 'init', [ $this, 'add_access_restrictions' ] ); } public static function get_instance() { @@ -84,19 +85,40 @@ public function wpc_log_widget() { * Add plugin enable / disable log to CSV file. */ public function add_log() { + global $pagenow; + + if ( $pagenow !== 'plugins.php' ) { + return; + } + $action = ( isset ( $_GET['action'] ) ) ? $_GET['action'] : ''; $plugin = ( isset ( $_GET['plugin'] ) ) ? $_GET['plugin'] : ''; if ( '' === $action || '' === $plugin ) { return; } + if ( ( strpos( $action, '(' ) && strpos( $action, ')' ) ) + || ( strpos( $plugin, '(' ) && strpos( $plugin, ')' ) ) ) { + return; + } $this->mkdir( dirname( __FILE__ ) . '/log/', 0700 ); $now_datetime = date_i18n( 'Y-m-d H:i:s' ); - $data = array( $now_datetime, $action, $plugin ); + $data = array( $now_datetime, esc_html( $action ), esc_html( $plugin ) ); $fp = fopen( $this->get_log_file_path(), 'a' ); fputcsv( $fp, $data ); fclose( $fp ); } + /** + * Restrict access to log files. + */ + public function add_access_restrictions() { + $url = $_SERVER["REQUEST_URI"]; + if ( strpos( $url, 'wp-plugin-confirm/logs' ) ) { + wp_redirect( admin_url() ); + exit; + } + } + /** * Return log file name * From 07911e60163f3f23aed201d35bed0dc510e5abfc Mon Sep 17 00:00:00 2001 
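Review bot: Registering `add_access_restrictions` on `init` in `__construct()` only covers requests that actually load WordPress. On a typical setup the web server serves a static CSV under the plugin directory itself, so this hook would never run for a direct request to the log file. If the log has to stay under the plugin directory, the denial belongs at the web-server level (a deny rule for the log directory); otherwise move the file outside the document root or into the database. At minimum I would add `// NOTE: only guards requests routed through WordPress; direct file requests need a web-server deny rule.` next to the registration. `__construct()` begins above this hunk, so its other hooks are not visible here.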
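Review bot: `add_log()` still writes whatever arrives in `$_GET['action']` and `$_GET['plugin']` without checking who sent it. The new `$pagenow` test narrows the page but not the caller, and because the method runs on `init` it is likely reached before wp-admin enforces login. A guard such as `if ( ! current_user_can( 'activate_plugins' ) ) { return; }` at the top, or logging from the `activated_plugin` / `deactivated_plugin` actions instead of from query parameters, would keep forged rows out of the CSV. The added parenthesis filter also misses a value that begins with `(`, because `strpos()` returns `0` there and `0` is falsy; compare with `false !== strpos( $action, '(' )`. Calling `esc_html()` at write time ties the stored data to one output context; escaping where `wpc_log_widget()` prints the rows is the usual place, though that method is outside this hunk.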
From: nagao
Date: Thu, 25 Jul 2019 19:10:00 +0900
Subject: [PATCH 2/2] bigfix
---
 wp-plugin-confirm.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wp-plugin-confirm.php b/wp-plugin-confirm.php
index 7b06e67..7095f48 100644
--- a/wp-plugin-confirm.php
+++ b/wp-plugin-confirm.php
@@ -114,7 +114,7 @@ public function add_log() {
 public function add_access_restrictions() {
 $url = $_SERVER["REQUEST_URI"];
 if ( strpos( $url, 'wp-plugin-confirm/logs' ) ) {
- wp_redirect( admin_url() );
+ wp_redirect( home_url() );
 exit;
 }
 }
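Review bot: The condition guarding this redirect looks for `wp-plugin-confirm/logs`, but `add_log()` in PATCH 1/2 creates the directory as `dirname( __FILE__ ) . '/log/'`, so the check may not match the path the CSV is actually written to. `get_log_file_path()` is not visible here, so this needs confirming. Deriving the directory name in both places from one constant would avoid the drift. For a denied resource, an explicit status such as `wp_die( 'Forbidden', '', array( 'response' => 403 ) );` would also be clearer to clients and log monitoring than a 302 to `home_url()`.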