Project-Pro/carpseeds.pl
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
Jacek Pyziak
2024-07-15 11:28:08 +02:00
commit f52d538ea5
21891 changed files with 6161164 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

122
wp-content/plugins/jetpack.bck/vendor/automattic/jetpack-connection/legacy/class-jetpack-ixr-client.php vendored Normal file
View File

@@ -0,0 +1,122 @@
<?php
/**
* IXR_Client
*
* @package automattic/jetpack-connection
*
* @since 1.5
* @since 7.7 Moved to the jetpack-connection package.
*/
use Automattic\Jetpack\Connection\Client;
use Automattic\Jetpack\Connection\Manager;
/**
* A Jetpack implementation of the WordPress core IXR client.
*/
class Jetpack_IXR_Client extends IXR_Client {
/**
* Jetpack args, used for the remote requests.
*
* @var array
*/
public $jetpack_args = null;
/**
* Constructor.
* Initialize a new Jetpack IXR client instance.
*
* @param array $args Jetpack args, used for the remote requests.
* @param string|bool $path Path to perform the reuqest to.
* @param int $port Port number.
* @param int $timeout The connection timeout, in seconds.
*/
public function __construct( $args = array(), $path = false, $port = 80, $timeout = 15 ) {
$connection = new Manager();
$defaults = array(
'url' => $connection->xmlrpc_api_url(),
'user_id' => 0,
);
$args = wp_parse_args( $args, $defaults );
$this->jetpack_args = $args;
$this->IXR_Client( $args['url'], $path, $port, $timeout );
}
/**
* Perform the IXR request.
*
* @return bool True if request succeeded, false otherwise.
*/
public function query() {
$args = func_get_args();
$method = array_shift( $args );
$request = new IXR_Request( $method, $args );
$xml = trim( $request->getXml() );
$response = Client::remote_request( $this->jetpack_args, $xml );
if ( is_wp_error( $response ) ) {
$this->error = new IXR_Error( -10520, sprintf( 'Jetpack: [%s] %s', $response->get_error_code(), $response->get_error_message() ) );
return false;
}
if ( ! $response ) {
$this->error = new IXR_Error( -10520, 'Jetpack: Unknown Error' );
return false;
}
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$this->error = new IXR_Error( -32300, 'transport error - HTTP status code was not 200' );
return false;
}
$content = wp_remote_retrieve_body( $response );
// Now parse what we've got back.
$this->message = new IXR_Message( $content );
if ( ! $this->message->parse() ) {
// XML error.
$this->error = new IXR_Error( -32700, 'parse error. not well formed' );
return false;
}
// Is the message a fault?
if ( 'fault' === $this->message->messageType ) {
$this->error = new IXR_Error( $this->message->faultCode, $this->message->faultString );
return false;
}
// Message must be OK.
return true;
}
/**
* Retrieve the Jetpack error from the result of the last request.
*
* @param int $fault_code Fault code.
* @param string $fault_string Fault string.
* @return WP_Error Error object.
*/
public function get_jetpack_error( $fault_code = null, $fault_string = null ) {
if ( is_null( $fault_code ) ) {
$fault_code = $this->error->code;
}
if ( is_null( $fault_string ) ) {
$fault_string = $this->error->message;
}
if ( preg_match( '#jetpack:\s+\[(\w+)\]\s*(.*)?$#i', $fault_string, $match ) ) {
$code = $match[1];
$message = $match[2];
$status = $fault_code;
return new \WP_Error( $code, $message, $status );
}
return new \WP_Error( "IXR_{$fault_code}", $fault_string );
}
}

68
wp-content/plugins/jetpack.bck/vendor/automattic/jetpack-connection/legacy/class-jetpack-ixr-clientmulticall.php vendored Normal file
View File

@@ -0,0 +1,68 @@
<?php
/**
* IXR_ClientMulticall
*
* @package automattic/jetpack-connection
*
* @since 1.5
* @since 7.7 Moved to the jetpack-connection package.
*/
/**
* A Jetpack implementation of the WordPress core IXR client, capable of multiple calls in a single request.
*/
class Jetpack_IXR_ClientMulticall extends Jetpack_IXR_Client {
/**
* Storage for the IXR calls.
*
* @var array
*/
public $calls = array();
/**
* Add a IXR call to the client.
* First argument is the method name.
* The rest of the arguments are the params specified to the method.
*/
public function addCall() {
$args = func_get_args();
$method_name = array_shift( $args );
$struct = array(
'methodName' => $method_name,
'params' => $args,
);
$this->calls[] = $struct;
}
/**
* Perform the IXR multicall request.
*
* @return bool True if request succeeded, false otherwise.
*/
public function query() {
usort( $this->calls, array( $this, 'sort_calls' ) );
// Prepare multicall, then call the parent::query() method.
return parent::query( 'system.multicall', $this->calls );
}
/**
* Sort the IXR calls.
* Make sure syncs are always done first.
*
* @param array $a First call in the sorting iteration.
* @param array $b Second call in the sorting iteration.
* @return int Result of the sorting iteration.
*/
public function sort_calls( $a, $b ) {
if ( 'jetpack.syncContent' === $a['methodName'] ) {
return -1;
}
if ( 'jetpack.syncContent' === $b['methodName'] ) {
return 1;
}
return 0;
}
}

344
wp-content/plugins/jetpack.bck/vendor/automattic/jetpack-connection/legacy/class-jetpack-signature.php vendored Normal file
View File

@@ -0,0 +1,344 @@
<?php
/**
* The Jetpack Connection signature class file.
*
* @package automattic/jetpack-connection
*/
use Automattic\Jetpack\Connection\Manager as Connection_Manager;
/**
* The Jetpack Connection signature class that is used to sign requests.
*/
class Jetpack_Signature {
/**
* Token part of the access token.
*
* @access public
* @var string
*/
public $token;
/**
* Access token secret.
*
* @access public
* @var string
*/
public $secret;
/**
* The current request URL.
*
* @access public
* @var string
*/
public $current_request_url;
/**
* Constructor.
*
* @param array $access_token Access token.
* @param int $time_diff Timezone difference (in seconds).
*/
public function __construct( $access_token, $time_diff = 0 ) {
$secret = explode( '.', $access_token );
if ( 2 !== count( $secret ) ) {
return;
}
$this->token = $secret[0];
$this->secret = $secret[1];
$this->time_diff = $time_diff;
}
/**
* Sign the current request.
*
* @todo Implement a proper nonce verification.
*
* @param array $override Optional arguments to override the ones from the current request.
* @return string|WP_Error Request signature, or a WP_Error on failure.
*/
public function sign_current_request( $override = array() ) {
if ( isset( $override['scheme'] ) ) {
$scheme = $override['scheme'];
if ( ! in_array( $scheme, array( 'http', 'https' ), true ) ) {
return new WP_Error( 'invalid_scheme', 'Invalid URL scheme' );
}
} else {
if ( is_ssl() ) {
$scheme = 'https';
} else {
$scheme = 'http';
}
}
$host_port = isset( $_SERVER['HTTP_X_FORWARDED_PORT'] ) ? $_SERVER['HTTP_X_FORWARDED_PORT'] : $_SERVER['SERVER_PORT'];
$host_port = intval( $host_port );
/**
* Note: This port logic is tested in the Jetpack_Cxn_Tests->test__server_port_value() test.
* Please update the test if any changes are made in this logic.
*/
if ( is_ssl() ) {
// 443: Standard Port
// 80: Assume we're behind a proxy without X-Forwarded-Port. Hardcoding "80" here means most sites
// with SSL termination proxies (self-served, Cloudflare, etc.) don't need to fiddle with
// the JETPACK_SIGNATURE__HTTPS_PORT constant. The code also implies we can't talk to a
// site at https://example.com:80/ (which would be a strange configuration).
// JETPACK_SIGNATURE__HTTPS_PORT: Set this constant in wp-config.php to the back end webserver's port
// if the site is behind a proxy running on port 443 without
// X-Forwarded-Port and the back end's port is *not* 80. It's better,
// though, to configure the proxy to send X-Forwarded-Port.
$https_port = defined( 'JETPACK_SIGNATURE__HTTPS_PORT' ) ? JETPACK_SIGNATURE__HTTPS_PORT : 443;
$port = in_array( $host_port, array( 443, 80, $https_port ), false ) ? '' : $host_port; // phpcs:ignore WordPress.PHP.StrictInArray.FoundNonStrictFalse
} else {
// 80: Standard Port
// JETPACK_SIGNATURE__HTTPS_PORT: Set this constant in wp-config.php to the back end webserver's port
// if the site is behind a proxy running on port 80 without
// X-Forwarded-Port. It's better, though, to configure the proxy to
// send X-Forwarded-Port.
$http_port = defined( 'JETPACK_SIGNATURE__HTTP_PORT' ) ? JETPACK_SIGNATURE__HTTP_PORT : 80;
$port = in_array( $host_port, array( 80, $http_port ), false ) ? '' : $host_port; // phpcs:ignore WordPress.PHP.StrictInArray.FoundNonStrictFalse
}
$this->current_request_url = "{$scheme}://{$_SERVER['HTTP_HOST']}:{$port}" . stripslashes( $_SERVER['REQUEST_URI'] );
if ( array_key_exists( 'body', $override ) && ! empty( $override['body'] ) ) {
$body = $override['body'];
} elseif ( 'POST' === strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
$body = isset( $GLOBALS['HTTP_RAW_POST_DATA'] ) ? $GLOBALS['HTTP_RAW_POST_DATA'] : null;
// Convert the $_POST to the body, if the body was empty. This is how arrays are hashed
// and encoded on the Jetpack side.
if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
// phpcs:ignore WordPress.Security.NonceVerification.Missing
if ( empty( $body ) && is_array( $_POST ) && count( $_POST ) > 0 ) {
$body = $_POST; // phpcs:ignore WordPress.Security.NonceVerification.Missing
}
}
} elseif ( 'PUT' === strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
// This is a little strange-looking, but there doesn't seem to be another way to get the PUT body.
$raw_put_data = file_get_contents( 'php://input' );
parse_str( $raw_put_data, $body );
if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
$put_data = json_decode( $raw_put_data, true );
if ( is_array( $put_data ) && count( $put_data ) > 0 ) {
$body = $put_data;
}
}
} else {
$body = null;
}
if ( empty( $body ) ) {
$body = null;
}
$a = array();
foreach ( array( 'token', 'timestamp', 'nonce', 'body-hash' ) as $parameter ) {
if ( isset( $override[ $parameter ] ) ) {
$a[ $parameter ] = $override[ $parameter ];
} else {
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
$a[ $parameter ] = isset( $_GET[ $parameter ] ) ? stripslashes( $_GET[ $parameter ] ) : '';
}
}
$method = isset( $override['method'] ) ? $override['method'] : $_SERVER['REQUEST_METHOD'];
return $this->sign_request( $a['token'], $a['timestamp'], $a['nonce'], $a['body-hash'], $method, $this->current_request_url, $body, true );
}
/**
* Sign a specified request.
*
* @todo Having body_hash v. body-hash is annoying. Refactor to accept an array?
* @todo Use wp_json_encode() instead of json_encode()?
*
* @param string $token Request token.
* @param int $timestamp Timestamp of the request.
* @param string $nonce Request nonce.
* @param string $body_hash Request body hash.
* @param string $method Request method.
* @param string $url Request URL.
* @param mixed $body Request body.
* @param bool $verify_body_hash Whether to verify the body hash against the body.
* @return string|WP_Error Request signature, or a WP_Error on failure.
*/
public function sign_request( $token = '', $timestamp = 0, $nonce = '', $body_hash = '', $method = '', $url = '', $body = null, $verify_body_hash = true ) {
if ( ! $this->secret ) {
return new WP_Error( 'invalid_secret', 'Invalid secret' );
}
if ( ! $this->token ) {
return new WP_Error( 'invalid_token', 'Invalid token' );
}
list( $token ) = explode( '.', $token );
$signature_details = compact( 'token', 'timestamp', 'nonce', 'body_hash', 'method', 'url' );
if ( 0 !== strpos( $token, "$this->token:" ) ) {
return new WP_Error( 'token_mismatch', 'Incorrect token', compact( 'signature_details' ) );
}
// If we got an array at this point, let's encode it, so we can see what it looks like as a string.
if ( is_array( $body ) ) {
if ( count( $body ) > 0 ) {
// phpcs:ignore WordPress.WP.AlternativeFunctions.json_encode_json_encode
$body = json_encode( $body );
} else {
$body = '';
}
}
$required_parameters = array( 'token', 'timestamp', 'nonce', 'method', 'url' );
if ( ! is_null( $body ) ) {
$required_parameters[] = 'body_hash';
if ( ! is_string( $body ) ) {
return new WP_Error( 'invalid_body', 'Body is malformed.', compact( 'signature_details' ) );
}
}
foreach ( $required_parameters as $required ) {
if ( ! is_scalar( $$required ) ) {
return new WP_Error( 'invalid_signature', sprintf( 'The required "%s" parameter is malformed.', str_replace( '_', '-', $required ) ), compact( 'signature_details' ) );
}
if ( ! strlen( $$required ) ) {
return new WP_Error( 'invalid_signature', sprintf( 'The required "%s" parameter is missing.', str_replace( '_', '-', $required ) ), compact( 'signature_details' ) );
}
}
if ( empty( $body ) ) {
if ( $body_hash ) {
return new WP_Error( 'invalid_body_hash', 'Invalid body hash for empty body.', compact( 'signature_details' ) );
}
} else {
$connection = new Connection_Manager();
if ( $verify_body_hash && $connection->sha1_base64( $body ) !== $body_hash ) {
return new WP_Error( 'invalid_body_hash', 'The body hash does not match.', compact( 'signature_details' ) );
}
}
$parsed = wp_parse_url( $url );
if ( ! isset( $parsed['host'] ) ) {
return new WP_Error( 'invalid_signature', sprintf( 'The required "%s" parameter is malformed.', 'url' ), compact( 'signature_details' ) );
}
if ( ! empty( $parsed['port'] ) ) {
$port = $parsed['port'];
} else {
if ( 'http' === $parsed['scheme'] ) {
$port = 80;
} elseif ( 'https' === $parsed['scheme'] ) {
$port = 443;
} else {
return new WP_Error( 'unknown_scheme_port', "The scheme's port is unknown", compact( 'signature_details' ) );
}
}
if ( ! ctype_digit( "$timestamp" ) || 10 < strlen( $timestamp ) ) { // If Jetpack is around in 275 years, you can blame mdawaffe for the bug.
return new WP_Error( 'invalid_signature', sprintf( 'The required "%s" parameter is malformed.', 'timestamp' ), compact( 'signature_details' ) );
}
$local_time = $timestamp - $this->time_diff;
if ( $local_time < time() - 600 || $local_time > time() + 300 ) {
return new WP_Error( 'invalid_signature', 'The timestamp is too old.', compact( 'signature_details' ) );
}
if ( 12 < strlen( $nonce ) || preg_match( '/[^a-zA-Z0-9]/', $nonce ) ) {
return new WP_Error( 'invalid_signature', sprintf( 'The required "%s" parameter is malformed.', 'nonce' ), compact( 'signature_details' ) );
}
$normalized_request_pieces = array(
$token,
$timestamp,
$nonce,
$body_hash,
strtoupper( $method ),
strtolower( $parsed['host'] ),
$port,
$parsed['path'],
// Normalized Query String.
);
$normalized_request_pieces = array_merge( $normalized_request_pieces, $this->normalized_query_parameters( isset( $parsed['query'] ) ? $parsed['query'] : '' ) );
$flat_normalized_request_pieces = array();
foreach ( $normalized_request_pieces as $piece ) {
if ( is_array( $piece ) ) {
foreach ( $piece as $subpiece ) {
$flat_normalized_request_pieces[] = $subpiece;
}
} else {
$flat_normalized_request_pieces[] = $piece;
}
}
$normalized_request_pieces = $flat_normalized_request_pieces;
$normalized_request_string = join( "\n", $normalized_request_pieces ) . "\n";
// phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode
return base64_encode( hash_hmac( 'sha1', $normalized_request_string, $this->secret, true ) );
}
/**
* Retrieve and normalize the parameters from a query string.
*
* @param string $query_string Query string.
* @return array Normalized query string parameters.
*/
public function normalized_query_parameters( $query_string ) {
parse_str( $query_string, $array );
unset( $array['signature'] );
$names = array_keys( $array );
$values = array_values( $array );
$names = array_map( array( $this, 'encode_3986' ), $names );
$values = array_map( array( $this, 'encode_3986' ), $values );
$pairs = array_map( array( $this, 'join_with_equal_sign' ), $names, $values );
sort( $pairs );
return $pairs;
}
/**
* Encodes a string or array of strings according to RFC 3986.
*
* @param string|array $string_or_array String or array to encode.
* @return string|array URL-encoded string or array.
*/
public function encode_3986( $string_or_array ) {
if ( is_array( $string_or_array ) ) {
return array_map( array( $this, 'encode_3986' ), $string_or_array );
}
return rawurlencode( $string_or_array );
}
/**
* Concatenates a parameter name and a parameter value with an equals sign between them.
* Supports one-dimensional arrays as `$value`.
*
* @param string $name Parameter name.
* @param mixed $value Parameter value.
* @return string A pair with parameter name and value (e.g. `name=value`).
*/
public function join_with_equal_sign( $name, $value ) {
if ( is_array( $value ) ) {
$result = array();
foreach ( $value as $array_key => $array_value ) {
$result[] = $name . '[' . $array_key . ']=' . $array_value;
}
return $result;
}
return "{$name}={$value}";
}
}

943
wp-content/plugins/jetpack.bck/vendor/automattic/jetpack-connection/legacy/class-jetpack-xmlrpc-server.php vendored Normal file
View File

@@ -0,0 +1,943 @@
<?php
/**
* Jetpack XMLRPC Server.
*
* @package automattic/jetpack-connection
*/
use Automattic\Jetpack\Connection\Client;
use Automattic\Jetpack\Connection\Manager as Connection_Manager;
use Automattic\Jetpack\Connection\Utils as Connection_Utils;
use Automattic\Jetpack\Roles;
use Automattic\Jetpack\Sync\Modules;
use Automattic\Jetpack\Sync\Functions;
use Automattic\Jetpack\Sync\Sender;
/**
* Just a sack of functions. Not actually an IXR_Server
*/
class Jetpack_XMLRPC_Server {
/**
* The current error object
*
* @var \WP_Error
*/
public $error = null;
/**
* The current user
*
* @var \WP_User
*/
public $user = null;
/**
* The connection manager object.
*
* @var Automattic\Jetpack\Connection\Manager
*/
private $connection;
/**
* Creates a new XMLRPC server object.
*
* @param Automattic\Jetpack\Connection\Manager $manager the connection manager object.
*/
public function __construct( $manager = null ) {
$this->connection = is_null( $manager ) ? new Connection_Manager() : $manager;
}
/**
* Whitelist of the XML-RPC methods available to the Jetpack Server. If the
* user is not authenticated (->login()) then the methods are never added,
* so they will get a "does not exist" error.
*
* @param array $core_methods Core XMLRPC methods.
*/
public function xmlrpc_methods( $core_methods ) {
$jetpack_methods = array(
'jetpack.jsonAPI' => array( $this, 'json_api' ),
'jetpack.verifyAction' => array( $this, 'verify_action' ),
'jetpack.getUser' => array( $this, 'get_user' ),
'jetpack.remoteRegister' => array( $this, 'remote_register' ),
'jetpack.remoteProvision' => array( $this, 'remote_provision' ),
);
$this->user = $this->login();
if ( $this->user ) {
$jetpack_methods = array_merge(
$jetpack_methods,
array(
'jetpack.testConnection' => array( $this, 'test_connection' ),
'jetpack.testAPIUserCode' => array( $this, 'test_api_user_code' ),
'jetpack.featuresAvailable' => array( $this, 'features_available' ),
'jetpack.featuresEnabled' => array( $this, 'features_enabled' ),
'jetpack.disconnectBlog' => array( $this, 'disconnect_blog' ),
'jetpack.unlinkUser' => array( $this, 'unlink_user' ),
'jetpack.idcUrlValidation' => array( $this, 'validate_urls_for_idc_mitigation' ),
)
);
if ( isset( $core_methods['metaWeblog.editPost'] ) ) {
$jetpack_methods['metaWeblog.newMediaObject'] = $core_methods['metaWeblog.newMediaObject'];
$jetpack_methods['jetpack.updateAttachmentParent'] = array( $this, 'update_attachment_parent' );
}
/**
* Filters the XML-RPC methods available to Jetpack for authenticated users.
*
* @since 1.1.0
*
* @param array $jetpack_methods XML-RPC methods available to the Jetpack Server.
* @param array $core_methods Available core XML-RPC methods.
* @param \WP_User $user Information about a given WordPress user.
*/
$jetpack_methods = apply_filters( 'jetpack_xmlrpc_methods', $jetpack_methods, $core_methods, $this->user );
}
/**
* Filters the XML-RPC methods available to Jetpack for unauthenticated users.
*
* @since 3.0.0
*
* @param array $jetpack_methods XML-RPC methods available to the Jetpack Server.
* @param array $core_methods Available core XML-RPC methods.
*/
return apply_filters( 'jetpack_xmlrpc_unauthenticated_methods', $jetpack_methods, $core_methods );
}
/**
* Whitelist of the bootstrap XML-RPC methods
*/
public function bootstrap_xmlrpc_methods() {
return array(
'jetpack.remoteAuthorize' => array( $this, 'remote_authorize' ),
'jetpack.remoteRegister' => array( $this, 'remote_register' ),
);
}
/**
* Additional method needed for authorization calls.
*/
public function authorize_xmlrpc_methods() {
return array(
'jetpack.remoteAuthorize' => array( $this, 'remote_authorize' ),
);
}
/**
* Remote provisioning methods.
*/
public function provision_xmlrpc_methods() {
return array(
'jetpack.remoteRegister' => array( $this, 'remote_register' ),
'jetpack.remoteProvision' => array( $this, 'remote_provision' ),
'jetpack.remoteConnect' => array( $this, 'remote_connect' ),
'jetpack.getUser' => array( $this, 'get_user' ),
);
}
/**
* Used to verify whether a local user exists and what role they have.
*
* @param int|string|array $request One of:
* int|string The local User's ID, username, or email address.
* array A request array containing:
* 0: int|string The local User's ID, username, or email address.
*
* @return array|\IXR_Error Information about the user, or error if no such user found:
* roles: string[] The user's rols.
* login: string The user's username.
* email_hash string[] The MD5 hash of the user's normalized email address.
* caps string[] The user's capabilities.
* allcaps string[] The user's granular capabilities, merged from role capabilities.
* token_key string The Token Key of the user's Jetpack token. Empty string if none.
*/
public function get_user( $request ) {
$user_id = is_array( $request ) ? $request[0] : $request;
if ( ! $user_id ) {
return $this->error(
new Jetpack_Error(
'invalid_user',
__( 'Invalid user identifier.', 'jetpack' ),
400
),
'get_user'
);
}
$user = $this->get_user_by_anything( $user_id );
if ( ! $user ) {
return $this->error(
new Jetpack_Error(
'user_unknown',
__( 'User not found.', 'jetpack' ),
404
),
'get_user'
);
}
$user_token = $this->connection->get_access_token( $user->ID );
if ( $user_token ) {
list( $user_token_key ) = explode( '.', $user_token->secret );
if ( $user_token_key === $user_token->secret ) {
$user_token_key = '';
}
} else {
$user_token_key = '';
}
return array(
'id' => $user->ID,
'login' => $user->user_login,
'email_hash' => md5( strtolower( trim( $user->user_email ) ) ),
'roles' => $user->roles,
'caps' => $user->caps,
'allcaps' => $user->allcaps,
'token_key' => $user_token_key,
);
}
/**
* Remote authorization XMLRPC method handler.
*
* @param array $request the request.
*/
public function remote_authorize( $request ) {
$user = get_user_by( 'id', $request['state'] );
/**
* Happens on various request handling events in the Jetpack XMLRPC server.
* The action combines several types of events:
* - remote_authorize
* - remote_provision
* - get_user.
*
* @since 8.0.0
*
* @param String $action the action name, i.e., 'remote_authorize'.
* @param String $stage the execution stage, can be 'begin', 'success', 'error', etc.
* @param Array $parameters extra parameters from the event.
* @param WP_User $user the acting user.
*/
do_action( 'jetpack_xmlrpc_server_event', 'remote_authorize', 'begin', array(), $user );
foreach ( array( 'secret', 'state', 'redirect_uri', 'code' ) as $required ) {
if ( ! isset( $request[ $required ] ) || empty( $request[ $required ] ) ) {
return $this->error(
new Jetpack_Error( 'missing_parameter', 'One or more parameters is missing from the request.', 400 ),
'remote_authorize'
);
}
}
if ( ! $user ) {
return $this->error( new Jetpack_Error( 'user_unknown', 'User not found.', 404 ), 'remote_authorize' );
}
if ( $this->connection->is_active() && $this->connection->is_user_connected( $request['state'] ) ) {
return $this->error( new Jetpack_Error( 'already_connected', 'User already connected.', 400 ), 'remote_authorize' );
}
$verified = $this->verify_action( array( 'authorize', $request['secret'], $request['state'] ) );
if ( is_a( $verified, 'IXR_Error' ) ) {
return $this->error( $verified, 'remote_authorize' );
}
wp_set_current_user( $request['state'] );
$result = $this->connection->authorize( $request );
if ( is_wp_error( $result ) ) {
return $this->error( $result, 'remote_authorize' );
}
// This action is documented in class.jetpack-xmlrpc-server.php.
do_action( 'jetpack_xmlrpc_server_event', 'remote_authorize', 'success' );
return array(
'result' => $result,
);
}
/**
* This XML-RPC method is called from the /jpphp/provision endpoint on WPCOM in order to
* register this site so that a plan can be provisioned.
*
* @param array $request An array containing at minimum nonce and local_user keys.
*
* @return \WP_Error|array
*/
public function remote_register( $request ) {
// This action is documented in class.jetpack-xmlrpc-server.php.
do_action( 'jetpack_xmlrpc_server_event', 'remote_register', 'begin', array() );
$user = $this->fetch_and_verify_local_user( $request );
if ( ! $user ) {
return $this->error(
new WP_Error( 'input_error', __( 'Valid user is required', 'jetpack' ), 400 ),
'remote_register'
);
}
if ( is_wp_error( $user ) || is_a( $user, 'IXR_Error' ) ) {
return $this->error( $user, 'remote_register' );
}
if ( empty( $request['nonce'] ) ) {
return $this->error(
new Jetpack_Error(
'nonce_missing',
__( 'The required "nonce" parameter is missing.', 'jetpack' ),
400
),
'remote_register'
);
}
$nonce = sanitize_text_field( $request['nonce'] );
unset( $request['nonce'] );
$api_url = Connection_Utils::fix_url_for_bad_hosts(
$this->connection->api_url( 'partner_provision_nonce_check' )
);
$response = Client::_wp_remote_request(
esc_url_raw( add_query_arg( 'nonce', $nonce, $api_url ) ),
array( 'method' => 'GET' ),
true
);
if (
200 !== wp_remote_retrieve_response_code( $response ) ||
'OK' !== trim( wp_remote_retrieve_body( $response ) )
) {
return $this->error(
new Jetpack_Error(
'invalid_nonce',
__( 'There was an issue validating this request.', 'jetpack' ),
400
),
'remote_register'
);
}
if ( ! Jetpack_Options::get_option( 'id' ) || ! $this->connection->get_access_token() || ! empty( $request['force'] ) ) {
wp_set_current_user( $user->ID );
// This code mostly copied from Jetpack::admin_page_load.
Jetpack::maybe_set_version_option();
$registered = Jetpack::try_registration();
if ( is_wp_error( $registered ) ) {
return $this->error( $registered, 'remote_register' );
} elseif ( ! $registered ) {
return $this->error(
new Jetpack_Error(
'registration_error',
__( 'There was an unspecified error registering the site', 'jetpack' ),
400
),
'remote_register'
);
}
}
// This action is documented in class.jetpack-xmlrpc-server.php.
do_action( 'jetpack_xmlrpc_server_event', 'remote_register', 'success' );
return array(
'client_id' => Jetpack_Options::get_option( 'id' ),
);
}
/**
* This XML-RPC method is called from the /jpphp/provision endpoint on WPCOM in order to
* register this site so that a plan can be provisioned.
*
* @param array $request An array containing at minimum a nonce key and a local_username key.
*
* @return \WP_Error|array
*/
public function remote_provision( $request ) {
$user = $this->fetch_and_verify_local_user( $request );
if ( ! $user ) {
return $this->error(
new WP_Error( 'input_error', __( 'Valid user is required', 'jetpack' ), 400 ),
'remote_provision'
);
}
if ( is_wp_error( $user ) || is_a( $user, 'IXR_Error' ) ) {
return $this->error( $user, 'remote_provision' );
}
$site_icon = get_site_icon_url();
$auto_enable_sso = ( ! $this->connection->is_active() || Jetpack::is_module_active( 'sso' ) );
/** This filter is documented in class.jetpack-cli.php */
if ( apply_filters( 'jetpack_start_enable_sso', $auto_enable_sso ) ) {
$redirect_uri = add_query_arg(
array(
'action' => 'jetpack-sso',
'redirect_to' => rawurlencode( admin_url() ),
),
wp_login_url() // TODO: come back to Jetpack dashboard?
);
} else {
$redirect_uri = admin_url();
}
// Generate secrets.
$roles = new Roles();
$role = $roles->translate_user_to_role( $user );
$secrets = $this->connection->generate_secrets( 'authorize', $user->ID );
$response = array(
'jp_version' => JETPACK__VERSION,
'redirect_uri' => $redirect_uri,
'user_id' => $user->ID,
'user_email' => $user->user_email,
'user_login' => $user->user_login,
'scope' => $this->connection->sign_role( $role, $user->ID ),
'secret' => $secrets['secret_1'],
'is_active' => $this->connection->is_active(),
);
if ( $site_icon ) {
$response['site_icon'] = $site_icon;
}
if ( ! empty( $request['onboarding'] ) ) {
Jetpack::create_onboarding_token();
$response['onboarding_token'] = Jetpack_Options::get_option( 'onboarding' );
}
return $response;
}
/**
* Given an array containing a local user identifier and a nonce, will attempt to fetch and set
* an access token for the given user.
*
* @param array $request An array containing local_user and nonce keys at minimum.
* @param \IXR_Client $ixr_client The client object, optional.
* @return mixed
*/
public function remote_connect( $request, $ixr_client = false ) {
if ( $this->connection->is_active() ) {
return $this->error(
new WP_Error(
'already_connected',
__( 'Jetpack is already connected.', 'jetpack' ),
400
),
'remote_connect'
);
}
$user = $this->fetch_and_verify_local_user( $request );
if ( ! $user || is_wp_error( $user ) || is_a( $user, 'IXR_Error' ) ) {
return $this->error(
new WP_Error(
'input_error',
__( 'Valid user is required.', 'jetpack' ),
400
),
'remote_connect'
);
}
if ( empty( $request['nonce'] ) ) {
return $this->error(
new WP_Error(
'input_error',
__( 'A non-empty nonce must be supplied.', 'jetpack' ),
400
),
'remote_connect'
);
}
if ( ! $ixr_client ) {
$ixr_client = new Jetpack_IXR_Client();
}
$ixr_client->query(
'jetpack.getUserAccessToken',
array(
'nonce' => sanitize_text_field( $request['nonce'] ),
'external_user_id' => $user->ID,
)
);
$token = $ixr_client->isError() ? false : $ixr_client->getResponse();
if ( empty( $token ) ) {
return $this->error(
new WP_Error(
'token_fetch_failed',
__( 'Failed to fetch user token from WordPress.com.', 'jetpack' ),
400
),
'remote_connect'
);
}
$token = sanitize_text_field( $token );
Connection_Utils::update_user_token( $user->ID, sprintf( '%s.%d', $token, $user->ID ), true );
$this->do_post_authorization();
return $this->connection->is_active();
}
/**
* Getter for the local user to act as.
*
* @param array $request the current request data.
*/
private function fetch_and_verify_local_user( $request ) {
if ( empty( $request['local_user'] ) ) {
return $this->error(
new Jetpack_Error(
'local_user_missing',
__( 'The required "local_user" parameter is missing.', 'jetpack' ),
400
),
'remote_provision'
);
}
// Local user is used to look up by login, email or ID.
$local_user_info = $request['local_user'];
return $this->get_user_by_anything( $local_user_info );
}
/**
* Gets the user object by its data.
*
* @param string $user_id can be any identifying user data.
*/
private function get_user_by_anything( $user_id ) {
$user = get_user_by( 'login', $user_id );
if ( ! $user ) {
$user = get_user_by( 'email', $user_id );
}
if ( ! $user ) {
$user = get_user_by( 'ID', $user_id );
}
return $user;
}
/**
* Possible error_codes:
*
* - verify_secret_1_missing
* - verify_secret_1_malformed
* - verify_secrets_missing: verification secrets are not found in database
* - verify_secrets_incomplete: verification secrets are only partially found in database
* - verify_secrets_expired: verification secrets have expired
* - verify_secrets_mismatch: stored secret_1 does not match secret_1 sent by Jetpack.WordPress.com
* - state_missing: required parameter of state not found
* - state_malformed: state is not a digit
* - invalid_state: state in request does not match the stored state
*
* The 'authorize' and 'register' actions have additional error codes
*
* state_missing: a state ( user id ) was not supplied
* state_malformed: state is not the correct data type
* invalid_state: supplied state does not match the stored state
*
* @param array $params action An array of 3 parameters:
* [0]: string action. Possible values are `authorize`, `publicize` and `register`.
* [1]: string secret_1.
* [2]: int state.
* @return \IXR_Error|string IXR_Error on failure, secret_2 on success.
*/
public function verify_action( $params ) {
$action = isset( $params[0] ) ? $params[0] : '';
$verify_secret = isset( $params[1] ) ? $params[1] : '';
$state = isset( $params[2] ) ? $params[2] : '';
$result = $this->connection->verify_secrets( $action, $verify_secret, $state );
if ( is_wp_error( $result ) ) {
return $this->error( $result );
}
return $result;
}
/**
* Wrapper for wp_authenticate( $username, $password );
*
* @return \WP_User|bool
*/
public function login() {
$this->connection->require_jetpack_authentication();
$user = wp_authenticate( 'username', 'password' );
if ( is_wp_error( $user ) ) {
if ( 'authentication_failed' === $user->get_error_code() ) { // Generic error could mean most anything.
$this->error = new Jetpack_Error( 'invalid_request', 'Invalid Request', 403 );
} else {
$this->error = $user;
}
return false;
} elseif ( ! $user ) { // Shouldn't happen.
$this->error = new Jetpack_Error( 'invalid_request', 'Invalid Request', 403 );
return false;
}
return $user;
}
/**
* Returns the current error as an \IXR_Error
*
* @param \WP_Error|\IXR_Error $error The error object, optional.
* @param string $event_name The event name.
* @param \WP_User $user The user object.
* @return bool|\IXR_Error
*/
public function error( $error = null, $event_name = null, $user = null ) {
if ( null !== $event_name ) {
// This action is documented in class.jetpack-xmlrpc-server.php.
do_action( 'jetpack_xmlrpc_server_event', $event_name, 'fail', $error, $user );
}
if ( ! is_null( $error ) ) {
$this->error = $error;
}
if ( is_wp_error( $this->error ) ) {
$code = $this->error->get_error_data();
if ( ! $code ) {
$code = -10520;
}
$message = sprintf( 'Jetpack: [%s] %s', $this->error->get_error_code(), $this->error->get_error_message() );
return new \IXR_Error( $code, $message );
} elseif ( is_a( $this->error, 'IXR_Error' ) ) {
return $this->error;
}
return false;
}
/* API Methods */
/**
* Just authenticates with the given Jetpack credentials.
*
* @return string The current Jetpack version number
*/
public function test_connection() {
return JETPACK__VERSION;
}
/**
* Test the API user code.
*
* @param array $args arguments identifying the test site.
*/
public function test_api_user_code( $args ) {
$client_id = (int) $args[0];
$user_id = (int) $args[1];
$nonce = (string) $args[2];
$verify = (string) $args[3];
if ( ! $client_id || ! $user_id || ! strlen( $nonce ) || 32 !== strlen( $verify ) ) {
return false;
}
$user = get_user_by( 'id', $user_id );
if ( ! $user || is_wp_error( $user ) ) {
return false;
}
/* phpcs:ignore
debugging
error_log( "CLIENT: $client_id" );
error_log( "USER: $user_id" );
error_log( "NONCE: $nonce" );
error_log( "VERIFY: $verify" );
*/
$jetpack_token = $this->connection->get_access_token( $user_id );
$api_user_code = get_user_meta( $user_id, "jetpack_json_api_$client_id", true );
if ( ! $api_user_code ) {
return false;
}
$hmac = hash_hmac(
'md5',
json_encode( // phpcs:ignore WordPress.WP.AlternativeFunctions.json_encode_json_encode
(object) array(
'client_id' => (int) $client_id,
'user_id' => (int) $user_id,
'nonce' => (string) $nonce,
'code' => (string) $api_user_code,
)
),
$jetpack_token->secret
);
if ( ! hash_equals( $hmac, $verify ) ) {
return false;
}
return $user_id;
}
/**
* Disconnect this blog from the connected wordpress.com account
*
* @return boolean
*/
public function disconnect_blog() {
// For tracking.
if ( ! empty( $this->user->ID ) ) {
wp_set_current_user( $this->user->ID );
}
/**
* Fired when we want to log an event to the Jetpack event log.
*
* @since 7.7.0
*
* @param string $code Unique name for the event.
* @param string $data Optional data about the event.
*/
do_action( 'jetpack_event_log', 'disconnect' );
Jetpack::disconnect();
return true;
}
/**
* Unlink a user from WordPress.com
*
* This will fail if called by the Master User.
*/
public function unlink_user() {
/**
* Fired when we want to log an event to the Jetpack event log.
*
* @since 7.7.0
*
* @param string $code Unique name for the event.
* @param string $data Optional data about the event.
*/
do_action( 'jetpack_event_log', 'unlink' );
return Connection_Manager::disconnect_user();
}
/**
* Returns any object that is able to be synced.
*
* @deprecated since 7.8.0
* @see Automattic\Jetpack\Sync\Sender::sync_object()
*
* @param array $args the synchronized object parameters.
* @return string Encoded sync object.
*/
public function sync_object( $args ) {
_deprecated_function( __METHOD__, 'jetpack-7.8', 'Automattic\\Jetpack\\Sync\\Sender::sync_object' );
return Sender::get_instance()->sync_object( $args );
}
/**
* Returns the home URL and site URL for the current site which can be used on the WPCOM side for
* IDC mitigation to decide whether sync should be allowed if the home and siteurl values differ between WPCOM
* and the remote Jetpack site.
*
* @return array
*/
public function validate_urls_for_idc_mitigation() {
return array(
'home' => Functions::home_url(),
'siteurl' => Functions::site_url(),
);
}
/**
* Returns what features are available. Uses the slug of the module files.
*
* @return array
*/
public function features_available() {
$raw_modules = Jetpack::get_available_modules();
$modules = array();
foreach ( $raw_modules as $module ) {
$modules[] = Jetpack::get_module_slug( $module );
}
return $modules;
}
/**
* Returns what features are enabled. Uses the slug of the modules files.
*
* @return array
*/
public function features_enabled() {
$raw_modules = Jetpack::get_active_modules();
$modules = array();
foreach ( $raw_modules as $module ) {
$modules[] = Jetpack::get_module_slug( $module );
}
return $modules;
}
/**
* Updates the attachment parent object.
*
* @param array $args attachment and parent identifiers.
*/
public function update_attachment_parent( $args ) {
$attachment_id = (int) $args[0];
$parent_id = (int) $args[1];
return wp_update_post(
array(
'ID' => $attachment_id,
'post_parent' => $parent_id,
)
);
}
/**
* Serve a JSON API request.
*
* @param array $args request arguments.
*/
public function json_api( $args = array() ) {
$json_api_args = $args[0];
$verify_api_user_args = $args[1];
$method = (string) $json_api_args[0];
$url = (string) $json_api_args[1];
$post_body = is_null( $json_api_args[2] ) ? null : (string) $json_api_args[2];
$user_details = (array) $json_api_args[4];
$locale = (string) $json_api_args[5];
if ( ! $verify_api_user_args ) {
$user_id = 0;
} elseif ( 'internal' === $verify_api_user_args[0] ) {
$user_id = (int) $verify_api_user_args[1];
if ( $user_id ) {
$user = get_user_by( 'id', $user_id );
if ( ! $user || is_wp_error( $user ) ) {
return false;
}
}
} else {
$user_id = call_user_func( array( $this, 'test_api_user_code' ), $verify_api_user_args );
if ( ! $user_id ) {
return false;
}
}
/* phpcs:ignore
debugging
error_log( "-- begin json api via jetpack debugging -- " );
error_log( "METHOD: $method" );
error_log( "URL: $url" );
error_log( "POST BODY: $post_body" );
error_log( "VERIFY_ARGS: " . print_r( $verify_api_user_args, 1 ) );
error_log( "VERIFIED USER_ID: " . (int) $user_id );
error_log( "-- end json api via jetpack debugging -- " );
*/
if ( 'en' !== $locale ) {
// .org mo files are named slightly different from .com, and all we have is this the locale -- try to guess them.
$new_locale = $locale;
if ( strpos( $locale, '-' ) !== false ) {
$locale_pieces = explode( '-', $locale );
$new_locale = $locale_pieces[0];
$new_locale .= ( ! empty( $locale_pieces[1] ) ) ? '_' . strtoupper( $locale_pieces[1] ) : '';
} else {
// .com might pass 'fr' because thats what our language files are named as, where core seems
// to do fr_FR - so try that if we don't think we can load the file.
if ( ! file_exists( WP_LANG_DIR . '/' . $locale . '.mo' ) ) {
$new_locale = $locale . '_' . strtoupper( $locale );
}
}
if ( file_exists( WP_LANG_DIR . '/' . $new_locale . '.mo' ) ) {
unload_textdomain( 'default' );
load_textdomain( 'default', WP_LANG_DIR . '/' . $new_locale . '.mo' );
}
}
$old_user = wp_get_current_user();
wp_set_current_user( $user_id );
if ( $user_id ) {
$token_key = false;
} else {
$verified = $this->connection->verify_xml_rpc_signature();
$token_key = $verified['token_key'];
}
$token = $this->connection->get_access_token( $user_id, $token_key );
if ( ! $token || is_wp_error( $token ) ) {
return false;
}
define( 'REST_API_REQUEST', true );
define( 'WPCOM_JSON_API__BASE', 'public-api.wordpress.com/rest/v1' );
// needed?
require_once ABSPATH . 'wp-admin/includes/admin.php';
require_once JETPACK__PLUGIN_DIR . 'class.json-api.php';
$api = WPCOM_JSON_API::init( $method, $url, $post_body );
$api->token_details['user'] = $user_details;
require_once JETPACK__PLUGIN_DIR . 'class.json-api-endpoints.php';
$display_errors = ini_set( 'display_errors', 0 ); // phpcs:ignore WordPress.PHP.IniSet
ob_start();
$api->serve( false );
$output = ob_get_clean();
ini_set( 'display_errors', $display_errors ); // phpcs:ignore WordPress.PHP.IniSet
$nonce = wp_generate_password( 10, false );
$hmac = hash_hmac( 'md5', $nonce . $output, $token->secret );
wp_set_current_user( isset( $old_user->ID ) ? $old_user->ID : 0 );
return array(
(string) $output,
(string) $nonce,
(string) $hmac,
);
}
/**
* Handles authorization actions after connecting a site, such as enabling modules.
*
* This do_post_authorization() is used in this class, as opposed to calling
* Jetpack::handle_post_authorization_actions() directly so that we can mock this method as necessary.
*
* @return void
*/
public function do_post_authorization() {
/** This filter is documented in class.jetpack-cli.php */
$enable_sso = apply_filters( 'jetpack_start_enable_sso', true );
Jetpack::handle_post_authorization_actions( $enable_sso, false, false );
}
}

13
wp-content/plugins/jetpack.bck/vendor/automattic/jetpack-connection/legacy/load-ixr.php vendored Normal file
View File

@@ -0,0 +1,13 @@
<?php
/**
* WordPress IXR classes aren't always loaded by default.
*
* Here we ensure that they are loaded before we declare our implementations.
*
* @package automattic/jetpack-connection
* @since 7.7
*/
if ( defined( 'ABSPATH' ) && defined( 'WPINC' ) ) {
require_once ABSPATH . WPINC . '/class-IXR.php';
}

455
wp-content/plugins/jetpack.bck/vendor/automattic/jetpack-connection/src/class-client.php vendored Normal file
View File

@@ -0,0 +1,455 @@
<?php
/**
* The Connection Client class file.
*
* @package automattic/jetpack-connection
*/
namespace Automattic\Jetpack\Connection;
use Automattic\Jetpack\Constants;
/**
* The Client class that is used to connect to WordPress.com Jetpack API.
*/
class Client {
const WPCOM_JSON_API_VERSION = '1.1';
/**
* Makes an authorized remote request using Jetpack_Signature
*
* @param Array $args the arguments for the remote request.
* @param Array|String $body the request body.
* @return array|WP_Error WP HTTP response on success
*/
public static function remote_request( $args, $body = null ) {
$defaults = array(
'url' => '',
'user_id' => 0,
'blog_id' => 0,
'auth_location' => Constants::get_constant( 'JETPACK_CLIENT__AUTH_LOCATION' ),
'method' => 'POST',
'timeout' => 10,
'redirection' => 0,
'headers' => array(),
'stream' => false,
'filename' => null,
'sslverify' => true,
);
$args = wp_parse_args( $args, $defaults );
$args['blog_id'] = (int) $args['blog_id'];
if ( 'header' !== $args['auth_location'] ) {
$args['auth_location'] = 'query_string';
}
$connection = new Manager();
$token = $connection->get_access_token( $args['user_id'] );
if ( ! $token ) {
return new \WP_Error( 'missing_token' );
}
$method = strtoupper( $args['method'] );
$timeout = intval( $args['timeout'] );
$redirection = $args['redirection'];
$stream = $args['stream'];
$filename = $args['filename'];
$sslverify = $args['sslverify'];
$request = compact( 'method', 'body', 'timeout', 'redirection', 'stream', 'filename', 'sslverify' );
@list( $token_key, $secret ) = explode( '.', $token->secret ); // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged
if ( empty( $token ) || empty( $secret ) ) {
return new \WP_Error( 'malformed_token' );
}
$token_key = sprintf(
'%s:%d:%d',
$token_key,
Constants::get_constant( 'JETPACK__API_VERSION' ),
$token->external_user_id
);
$time_diff = (int) \Jetpack_Options::get_option( 'time_diff' );
$jetpack_signature = new \Jetpack_Signature( $token->secret, $time_diff );
$timestamp = time() + $time_diff;
if ( function_exists( 'wp_generate_password' ) ) {
$nonce = wp_generate_password( 10, false );
} else {
$nonce = substr( sha1( wp_rand( 0, 1000000 ) ), 0, 10 );
}
// Kind of annoying. Maybe refactor Jetpack_Signature to handle body-hashing.
if ( is_null( $body ) ) {
$body_hash = '';
} else {
// Allow arrays to be used in passing data.
$body_to_hash = $body;
if ( is_array( $body ) ) {
// We cast this to a new variable, because the array form of $body needs to be
// maintained so it can be passed into the request later on in the code.
if ( count( $body ) > 0 ) {
$body_to_hash = wp_json_encode( self::_stringify_data( $body ) );
} else {
$body_to_hash = '';
}
}
if ( ! is_string( $body_to_hash ) ) {
return new \WP_Error( 'invalid_body', 'Body is malformed.' );
}
$body_hash = base64_encode( sha1( $body_to_hash, true ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode
}
$auth = array(
'token' => $token_key,
'timestamp' => $timestamp,
'nonce' => $nonce,
'body-hash' => $body_hash,
);
if ( false !== strpos( $args['url'], 'xmlrpc.php' ) ) {
$url_args = array(
'for' => 'jetpack',
'wpcom_blog_id' => \Jetpack_Options::get_option( 'id' ),
);
} else {
$url_args = array();
}
if ( 'header' !== $args['auth_location'] ) {
$url_args += $auth;
}
$url = add_query_arg( urlencode_deep( $url_args ), $args['url'] );
$url = Utils::fix_url_for_bad_hosts( $url );
$signature = $jetpack_signature->sign_request( $token_key, $timestamp, $nonce, $body_hash, $method, $url, $body, false );
if ( ! $signature || is_wp_error( $signature ) ) {
return $signature;
}
// Send an Authorization header so various caches/proxies do the right thing.
$auth['signature'] = $signature;
$auth['version'] = Constants::get_constant( 'JETPACK__VERSION' );
$header_pieces = array();
foreach ( $auth as $key => $value ) {
$header_pieces[] = sprintf( '%s="%s"', $key, $value );
}
$request['headers'] = array_merge(
$args['headers'],
array(
'Authorization' => 'X_JETPACK ' . join( ' ', $header_pieces ),
)
);
if ( 'header' !== $args['auth_location'] ) {
$url = add_query_arg( 'signature', rawurlencode( $signature ), $url );
}
return self::_wp_remote_request( $url, $request );
}
/**
* Wrapper for wp_remote_request(). Turns off SSL verification for certain SSL errors.
* This is lame, but many, many, many hosts have misconfigured SSL.
*
* When Jetpack is registered, the jetpack_fallback_no_verify_ssl_certs option is set to the current time if:
* 1. a certificate error is found AND
* 2. not verifying the certificate works around the problem.
*
* The option is checked on each request.
*
* @internal
* @see Utils::fix_url_for_bad_hosts()
*
* @param String $url the request URL.
* @param Array $args request arguments.
* @param Boolean $set_fallback whether to allow flagging this request to use a fallback certficate override.
* @return array|WP_Error WP HTTP response on success
*/
public static function _wp_remote_request( $url, $args, $set_fallback = false ) { // phpcs:ignore PSR2.Methods.MethodDeclaration.Underscore
/**
* SSL verification (`sslverify`) for the JetpackClient remote request
* defaults to off, use this filter to force it on.
*
* Return `true` to ENABLE SSL verification, return `false`
* to DISABLE SSL verification.
*
* @since 3.6.0
*
* @param bool Whether to force `sslverify` or not.
*/
if ( apply_filters( 'jetpack_client_verify_ssl_certs', false ) ) {
return wp_remote_request( $url, $args );
}
$fallback = \Jetpack_Options::get_option( 'fallback_no_verify_ssl_certs' );
if ( false === $fallback ) {
\Jetpack_Options::update_option( 'fallback_no_verify_ssl_certs', 0 );
}
if ( (int) $fallback ) {
// We're flagged to fallback.
$args['sslverify'] = false;
}
$response = wp_remote_request( $url, $args );
if (
! $set_fallback // We're not allowed to set the flag on this request, so whatever happens happens.
||
isset( $args['sslverify'] ) && ! $args['sslverify'] // No verification - no point in doing it again.
||
! is_wp_error( $response ) // Let it ride.
) {
self::set_time_diff( $response, $set_fallback );
return $response;
}
// At this point, we're not flagged to fallback and we are allowed to set the flag on this request.
$message = $response->get_error_message();
// Is it an SSL Certificate verification error?
if (
false === strpos( $message, '14090086' ) // OpenSSL SSL3 certificate error.
&&
false === strpos( $message, '1407E086' ) // OpenSSL SSL2 certificate error.
&&
false === strpos( $message, 'error setting certificate verify locations' ) // cURL CA bundle not found.
&&
false === strpos( $message, 'Peer certificate cannot be authenticated with' ) // cURL CURLE_SSL_CACERT: CA bundle found, but not helpful
// Different versions of curl have different error messages
// this string should catch them all.
&&
false === strpos( $message, 'Problem with the SSL CA cert' ) // cURL CURLE_SSL_CACERT_BADFILE: probably access rights.
) {
// No, it is not.
return $response;
}
// Redo the request without SSL certificate verification.
$args['sslverify'] = false;
$response = wp_remote_request( $url, $args );
if ( ! is_wp_error( $response ) ) {
// The request went through this time, flag for future fallbacks.
\Jetpack_Options::update_option( 'fallback_no_verify_ssl_certs', time() );
self::set_time_diff( $response, $set_fallback );
}
return $response;
}
/**
* Sets the time difference for correct signature computation.
*
* @param HTTP_Response $response the response object.
* @param Boolean $force_set whether to force setting the time difference.
*/
public static function set_time_diff( &$response, $force_set = false ) {
$code = wp_remote_retrieve_response_code( $response );
// Only trust the Date header on some responses.
if ( 200 != $code && 304 != $code && 400 != $code && 401 != $code ) { // phpcs:ignore WordPress.PHP.StrictComparisons.LooseComparison
return;
}
$date = wp_remote_retrieve_header( $response, 'date' );
if ( ! $date ) {
return;
}
$time = (int) strtotime( $date );
if ( 0 >= $time ) {
return;
}
$time_diff = $time - time();
if ( $force_set ) { // During register.
\Jetpack_Options::update_option( 'time_diff', $time_diff );
} else { // Otherwise.
$old_diff = \Jetpack_Options::get_option( 'time_diff' );
if ( false === $old_diff || abs( $time_diff - (int) $old_diff ) > 10 ) {
\Jetpack_Options::update_option( 'time_diff', $time_diff );
}
}
}
/**
* Queries the WordPress.com REST API with a user token.
*
* @param string $path REST API path.
* @param string $version REST API version. Default is `2`.
* @param array $args Arguments to {@see WP_Http}. Default is `array()`.
* @param string $body Body passed to {@see WP_Http}. Default is `null`.
* @param string $base_api_path REST API root. Default is `wpcom`.
*
* @return array|WP_Error $response Response data, else {@see WP_Error} on failure.
*/
public static function wpcom_json_api_request_as_user(
$path,
$version = '2',
$args = array(),
$body = null,
$base_api_path = 'wpcom'
) {
$base_api_path = trim( $base_api_path, '/' );
$version = ltrim( $version, 'v' );
$path = ltrim( $path, '/' );
$args = array_intersect_key(
$args,
array(
'headers' => 'array',
'method' => 'string',
'timeout' => 'int',
'redirection' => 'int',
'stream' => 'boolean',
'filename' => 'string',
'sslverify' => 'boolean',
)
);
$args['user_id'] = get_current_user_id();
$args['method'] = isset( $args['method'] ) ? strtoupper( $args['method'] ) : 'GET';
$args['url'] = sprintf(
'%s://%s/%s/v%s/%s',
self::protocol(),
Constants::get_constant( 'JETPACK__WPCOM_JSON_API_HOST' ),
$base_api_path,
$version,
$path
);
if ( isset( $body ) && ! isset( $args['headers'] ) && in_array( $args['method'], array( 'POST', 'PUT', 'PATCH' ), true ) ) {
$args['headers'] = array( 'Content-Type' => 'application/json' );
}
if ( isset( $body ) && ! is_string( $body ) ) {
$body = wp_json_encode( $body );
}
return self::remote_request( $args, $body );
}
/**
* Query the WordPress.com REST API using the blog token
*
* @param String $path The API endpoint relative path.
* @param String $version The API version.
* @param Array $args Request arguments.
* @param String $body Request body.
* @param String $base_api_path (optional) the API base path override, defaults to 'rest'.
* @return Array|WP_Error $response Data.
*/
public static function wpcom_json_api_request_as_blog(
$path,
$version = self::WPCOM_JSON_API_VERSION,
$args = array(),
$body = null,
$base_api_path = 'rest'
) {
$filtered_args = array_intersect_key(
$args,
array(
'headers' => 'array',
'method' => 'string',
'timeout' => 'int',
'redirection' => 'int',
'stream' => 'boolean',
'filename' => 'string',
'sslverify' => 'boolean',
)
);
// unprecedingslashit.
$_path = preg_replace( '/^\//', '', $path );
// Use GET by default whereas `remote_request` uses POST.
$request_method = ( isset( $filtered_args['method'] ) ) ? $filtered_args['method'] : 'GET';
$url = sprintf(
'%s://%s/%s/v%s/%s',
self::protocol(),
Constants::get_constant( 'JETPACK__WPCOM_JSON_API_HOST' ),
$base_api_path,
$version,
$_path
);
$validated_args = array_merge(
$filtered_args,
array(
'url' => $url,
'blog_id' => (int) \Jetpack_Options::get_option( 'id' ),
'method' => $request_method,
)
);
return self::remote_request( $validated_args, $body );
}
/**
* Takes an array or similar structure and recursively turns all values into strings. This is used to
* make sure that body hashes are made ith the string version, which is what will be seen after a
* server pulls up the data in the $_POST array.
*
* @param Array|Mixed $data the data that needs to be stringified.
*
* @return array|string
*/
public static function _stringify_data( $data ) { // phpcs:ignore PSR2.Methods.MethodDeclaration.Underscore
// Booleans are special, lets just makes them and explicit 1/0 instead of the 0 being an empty string.
if ( is_bool( $data ) ) {
return $data ? '1' : '0';
}
// Cast objects into arrays.
if ( is_object( $data ) ) {
$data = (array) $data;
}
// Non arrays at this point should be just converted to strings.
if ( ! is_array( $data ) ) {
return (string) $data;
}
foreach ( $data as $key => &$value ) {
$value = self::_stringify_data( $value );
}
return $data;
}
/**
* Gets protocol string.
*
* @return string `https` (if possible), else `http`.
*/
public static function protocol() {
/**
* Determines whether Jetpack can send outbound https requests to the WPCOM api.
*
* @since 3.6.0
*
* @param bool $proto Defaults to true.
*/
$https = apply_filters( 'jetpack_can_make_outbound_https', true );
return $https ? 'https' : 'http';
}
}

2169
wp-content/plugins/jetpack.bck/vendor/automattic/jetpack-connection/src/class-manager.php vendored Normal file
View File

File diff suppressed because it is too large Load Diff

54
wp-content/plugins/jetpack.bck/vendor/automattic/jetpack-connection/src/class-rest-connector.php vendored Normal file
View File

@@ -0,0 +1,54 @@
<?php
/**
* Sets up the Connection REST API endpoints.
*
* @package automattic/jetpack-connection
*/
namespace Automattic\Jetpack\Connection;
/**
* Registers the REST routes for Connections.
*/
class REST_Connector {
/**
* The Connection Manager.
*
* @var Manager
*/
private $connection;
/**
* Constructor.
*
* @param Manager $connection The Connection Manager.
*/
public function __construct( Manager $connection ) {
$this->connection = $connection;
// Register a site.
register_rest_route(
'jetpack/v4',
'/verify_registration',
array(
'methods' => \WP_REST_Server::EDITABLE,
'callback' => array( $this, 'verify_registration' ),
)
);
}
/**
* Handles verification that a site is registered.
*
* @since 5.4.0
*
* @param \WP_REST_Request $request The request sent to the WP REST API.
*
* @return string|WP_Error
*/
public function verify_registration( \WP_REST_Request $request ) {
$registration_data = array( $request['secret_1'], $request['state'] );
return $this->connection->handle_registration( $registration_data );
}
}

62
wp-content/plugins/jetpack.bck/vendor/automattic/jetpack-connection/src/class-utils.php vendored Normal file
View File

@@ -0,0 +1,62 @@
<?php
/**
* The Jetpack Connection package Utils class file.
*
* @package automattic/jetpack-connection
*/
namespace Automattic\Jetpack\Connection;
use Automattic\Jetpack\Constants;
/**
* Provides utility methods for the Connection package.
*/
class Utils {
/**
* Some hosts disable the OpenSSL extension and so cannot make outgoing HTTPS requests.
* This method sets the URL scheme to HTTP when HTTPS requests can't be made.
*
* @param string $url The url.
* @return string The url with the required URL scheme.
*/
public static function fix_url_for_bad_hosts( $url ) {
// If we receive an http url, return it.
if ( 'http' === wp_parse_url( $url, PHP_URL_SCHEME ) ) {
return $url;
}
// If the url should never be https, ensure it isn't https.
if ( 'NEVER' === Constants::get_constant( 'JETPACK_CLIENT__HTTPS' ) ) {
return set_url_scheme( $url, 'http' );
}
// Otherwise, return the https url.
return $url;
}
/**
* Enters a user token into the user_tokens option
*
* @param int $user_id The user id.
* @param string $token The user token.
* @param bool $is_master_user Whether the user is the master user.
* @return bool
*/
public static function update_user_token( $user_id, $token, $is_master_user ) {
// Not designed for concurrent updates.
$user_tokens = \Jetpack_Options::get_option( 'user_tokens' );
if ( ! is_array( $user_tokens ) ) {
$user_tokens = array();
}
$user_tokens[ $user_id ] = $token;
if ( $is_master_user ) {
$master_user = $user_id;
$options = compact( 'user_tokens', 'master_user' );
} else {
$options = compact( 'user_tokens' );
}
return \Jetpack_Options::update_options( $options );
}
}

80
wp-content/plugins/jetpack.bck/vendor/automattic/jetpack-connection/src/class-xmlrpc-connector.php vendored Normal file
View File

@@ -0,0 +1,80 @@
<?php
/**
* Sets up the Connection XML-RPC methods.
*
* @package automattic/jetpack-connection
*/
namespace Automattic\Jetpack\Connection;
/**
* Registers the XML-RPC methods for Connections.
*/
class XMLRPC_Connector {
/**
* The Connection Manager.
*
* @var Manager
*/
private $connection;
/**
* Constructor.
*
* @param Manager $connection The Connection Manager.
*/
public function __construct( Manager $connection ) {
$this->connection = $connection;
// Adding the filter late to avoid being overwritten by Jetpack's XMLRPC server.
add_filter( 'xmlrpc_methods', array( $this, 'xmlrpc_methods' ), 20 );
}
/**
* Attached to the `xmlrpc_methods` filter.
*
* @param array $methods The already registered XML-RPC methods.
* @return array
*/
public function xmlrpc_methods( $methods ) {
return array_merge(
$methods,
array(
'jetpack.verifyRegistration' => array( $this, 'verify_registration' ),
)
);
}
/**
* Handles verification that a site is registered.
*
* @param array $registration_data The data sent by the XML-RPC client:
* [ $secret_1, $user_id ].
*
* @return string|IXR_Error
*/
public function verify_registration( $registration_data ) {
return $this->output( $this->connection->handle_registration( $registration_data ) );
}
/**
* Normalizes output for XML-RPC.
*
* @param mixed $data The data to output.
*/
private function output( $data ) {
if ( is_wp_error( $data ) ) {
$code = $data->get_error_data();
if ( ! $code ) {
$code = -10520;
}
return new \IXR_Error(
$code,
sprintf( 'Jetpack: [%s] %s', $data->get_error_code(), $data->get_error_message() )
);
}
return $data;
}
}

17
wp-content/plugins/jetpack.bck/vendor/automattic/jetpack-connection/src/interface-manager.php vendored Normal file
View File

@@ -0,0 +1,17 @@
<?php
/**
* The Jetpack Connection Interface file.
* No longer used.
*
* @package automattic/jetpack-connection
*/
namespace Automattic\Jetpack\Connection;
/**
* This interface is no longer used and is now deprecated.
*
* @deprecated since 7.8
*/
interface Manager_Interface {
}