bundesit/wordpress-preseed
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add upstream

Browse Source
This commit is contained in:
root
2019-10-24 00:12:05 +02:00
parent 85d41e4216
commit ac980f592c
3504 changed files with 1049983 additions and 29971 deletions
Download Patch File Download Diff File Expand all files Collapse all files

267
wp-content/plugins/jetpack/vendor/automattic/jetpack-connection/legacy/class.jetpack-signature.php vendored Normal file
View File

@@ -0,0 +1,267 @@
<?php
use \Automattic\Jetpack\Connection\Manager as Connection_Manager;
class Jetpack_Signature {
public $token;
public $secret;
public $current_request_url;
function __construct( $access_token, $time_diff = 0 ) {
$secret = explode( '.', $access_token );
if ( 2 != count( $secret ) ) {
return;
}
$this->token = $secret[0];
$this->secret = $secret[1];
$this->time_diff = $time_diff;
}
function sign_current_request( $override = array() ) {
if ( isset( $override['scheme'] ) ) {
$scheme = $override['scheme'];
if ( ! in_array( $scheme, array( 'http', 'https' ) ) ) {
return new WP_Error( 'invalid_scheme', 'Invalid URL scheme' );
}
} else {
if ( is_ssl() ) {
$scheme = 'https';
} else {
$scheme = 'http';
}
}
$host_port = isset( $_SERVER['HTTP_X_FORWARDED_PORT'] ) ? $_SERVER['HTTP_X_FORWARDED_PORT'] : $_SERVER['SERVER_PORT'];
$connection = new Connection_Manager();
/**
* Note: This port logic is tested in the Jetpack_Cxn_Tests->test__server_port_value() test.
* Please update the test if any changes are made in this logic.
*/
if ( is_ssl() ) {
// 443: Standard Port
// 80: Assume we're behind a proxy without X-Forwarded-Port. Hardcoding "80" here means most sites
// with SSL termination proxies (self-served, Cloudflare, etc.) don't need to fiddle with
// the JETPACK_SIGNATURE__HTTPS_PORT constant. The code also implies we can't talk to a
// site at https://example.com:80/ (which would be a strange configuration).
// JETPACK_SIGNATURE__HTTPS_PORT: Set this constant in wp-config.php to the back end webserver's port
// if the site is behind a proxy running on port 443 without
// X-Forwarded-Port and the back end's port is *not* 80. It's better,
// though, to configure the proxy to send X-Forwarded-Port.
$https_port = defined( 'JETPACK_SIGNATURE__HTTPS_PORT' ) ? JETPACK_SIGNATURE__HTTPS_PORT : 443;
$port = in_array( $host_port, array( 443, 80, $https_port ) ) ? '' : $host_port;
} else {
// 80: Standard Port
// JETPACK_SIGNATURE__HTTPS_PORT: Set this constant in wp-config.php to the back end webserver's port
// if the site is behind a proxy running on port 80 without
// X-Forwarded-Port. It's better, though, to configure the proxy to
// send X-Forwarded-Port.
$http_port = defined( 'JETPACK_SIGNATURE__HTTP_PORT' ) ? JETPACK_SIGNATURE__HTTP_PORT : 80;
$port = in_array( $host_port, array( 80, $http_port ) ) ? '' : $host_port;
}
$this->current_request_url = "{$scheme}://{$_SERVER['HTTP_HOST']}:{$port}" . stripslashes( $_SERVER['REQUEST_URI'] );
if ( array_key_exists( 'body', $override ) && ! empty( $override['body'] ) ) {
$body = $override['body'];
} elseif ( 'POST' == strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
$body = isset( $GLOBALS['HTTP_RAW_POST_DATA'] ) ? $GLOBALS['HTTP_RAW_POST_DATA'] : null;
// Convert the $_POST to the body, if the body was empty. This is how arrays are hashed
// and encoded on the Jetpack side.
if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
if ( empty( $body ) && is_array( $_POST ) && count( $_POST ) > 0 ) {
$body = $_POST;
}
}
} elseif ( 'PUT' == strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
// This is a little strange-looking, but there doesn't seem to be another way to get the PUT body
$raw_put_data = file_get_contents( 'php://input' );
parse_str( $raw_put_data, $body );
if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
$put_data = json_decode( $raw_put_data, true );
if ( is_array( $put_data ) && count( $put_data ) > 0 ) {
$body = $put_data;
}
}
} else {
$body = null;
}
if ( empty( $body ) ) {
$body = null;
}
$a = array();
foreach ( array( 'token', 'timestamp', 'nonce', 'body-hash' ) as $parameter ) {
if ( isset( $override[ $parameter ] ) ) {
$a[ $parameter ] = $override[ $parameter ];
} else {
$a[ $parameter ] = isset( $_GET[ $parameter ] ) ? stripslashes( $_GET[ $parameter ] ) : '';
}
}
$method = isset( $override['method'] ) ? $override['method'] : $_SERVER['REQUEST_METHOD'];
return $this->sign_request( $a['token'], $a['timestamp'], $a['nonce'], $a['body-hash'], $method, $this->current_request_url, $body, true );
}
// body_hash v. body-hash is annoying. Refactor to accept an array?
function sign_request( $token = '', $timestamp = 0, $nonce = '', $body_hash = '', $method = '', $url = '', $body = null, $verify_body_hash = true ) {
if ( ! $this->secret ) {
return new WP_Error( 'invalid_secret', 'Invalid secret' );
}
if ( ! $this->token ) {
return new WP_Error( 'invalid_token', 'Invalid token' );
}
list( $token ) = explode( '.', $token );
$signature_details = compact( 'token', 'timestamp', 'nonce', 'body_hash', 'method', 'url' );
if ( 0 !== strpos( $token, "$this->token:" ) ) {
return new WP_Error( 'token_mismatch', 'Incorrect token', compact( 'signature_details' ) );
}
// If we got an array at this point, let's encode it, so we can see what it looks like as a string.
if ( is_array( $body ) ) {
if ( count( $body ) > 0 ) {
$body = json_encode( $body );
} else {
$body = '';
}
}
$required_parameters = array( 'token', 'timestamp', 'nonce', 'method', 'url' );
if ( ! is_null( $body ) ) {
$required_parameters[] = 'body_hash';
if ( ! is_string( $body ) ) {
return new WP_Error( 'invalid_body', 'Body is malformed.', compact( 'signature_details' ) );
}
}
foreach ( $required_parameters as $required ) {
if ( ! is_scalar( $$required ) ) {
return new WP_Error( 'invalid_signature', sprintf( 'The required "%s" parameter is malformed.', str_replace( '_', '-', $required ) ), compact( 'signature_details' ) );
}
if ( ! strlen( $$required ) ) {
return new WP_Error( 'invalid_signature', sprintf( 'The required "%s" parameter is missing.', str_replace( '_', '-', $required ) ), compact( 'signature_details' ) );
}
}
if ( empty( $body ) ) {
if ( $body_hash ) {
return new WP_Error( 'invalid_body_hash', 'Invalid body hash for empty body.', compact( 'signature_details' ) );
}
} else {
$connection = new Connection_Manager();
if ( $verify_body_hash && $connection->sha1_base64( $body ) !== $body_hash ) {
return new WP_Error( 'invalid_body_hash', 'The body hash does not match.', compact( 'signature_details' ) );
}
}
$parsed = parse_url( $url );
if ( ! isset( $parsed['host'] ) ) {
return new WP_Error( 'invalid_signature', sprintf( 'The required "%s" parameter is malformed.', 'url' ), compact( 'signature_details' ) );
}
if ( ! empty( $parsed['port'] ) ) {
$port = $parsed['port'];
} else {
if ( 'http' == $parsed['scheme'] ) {
$port = 80;
} elseif ( 'https' == $parsed['scheme'] ) {
$port = 443;
} else {
return new WP_Error( 'unknown_scheme_port', "The scheme's port is unknown", compact( 'signature_details' ) );
}
}
if ( ! ctype_digit( "$timestamp" ) || 10 < strlen( $timestamp ) ) { // If Jetpack is around in 275 years, you can blame mdawaffe for the bug.
return new WP_Error( 'invalid_signature', sprintf( 'The required "%s" parameter is malformed.', 'timestamp' ), compact( 'signature_details' ) );
}
$local_time = $timestamp - $this->time_diff;
if ( $local_time < time() - 600 || $local_time > time() + 300 ) {
return new WP_Error( 'invalid_signature', 'The timestamp is too old.', compact( 'signature_details' ) );
}
if ( 12 < strlen( $nonce ) || preg_match( '/[^a-zA-Z0-9]/', $nonce ) ) {
return new WP_Error( 'invalid_signature', sprintf( 'The required "%s" parameter is malformed.', 'nonce' ), compact( 'signature_details' ) );
}
$normalized_request_pieces = array(
$token,
$timestamp,
$nonce,
$body_hash,
strtoupper( $method ),
strtolower( $parsed['host'] ),
$port,
$parsed['path'],
// Normalized Query String
);
$normalized_request_pieces = array_merge( $normalized_request_pieces, $this->normalized_query_parameters( isset( $parsed['query'] ) ? $parsed['query'] : '' ) );
$flat_normalized_request_pieces = array();
foreach ( $normalized_request_pieces as $piece ) {
if ( is_array( $piece ) ) {
foreach ( $piece as $subpiece ) {
$flat_normalized_request_pieces[] = $subpiece;
}
} else {
$flat_normalized_request_pieces[] = $piece;
}
}
$normalized_request_pieces = $flat_normalized_request_pieces;
$normalized_request_string = join( "\n", $normalized_request_pieces ) . "\n";
return base64_encode( hash_hmac( 'sha1', $normalized_request_string, $this->secret, true ) );
}
function normalized_query_parameters( $query_string ) {
parse_str( $query_string, $array );
if ( get_magic_quotes_gpc() ) {
$array = stripslashes_deep( $array );
}
unset( $array['signature'] );
$names = array_keys( $array );
$values = array_values( $array );
$names = array_map( array( $this, 'encode_3986' ), $names );
$values = array_map( array( $this, 'encode_3986' ), $values );
$pairs = array_map( array( $this, 'join_with_equal_sign' ), $names, $values );
sort( $pairs );
return $pairs;
}
function encode_3986( $string_or_array ) {
if ( is_array( $string_or_array ) ) {
return array_map( array( $this, 'encode_3986' ), $string_or_array );
}
$string_or_array = rawurlencode( $string_or_array );
return str_replace( '%7E', '~', $string_or_array ); // prior to PHP 5.3, rawurlencode was RFC 1738
}
function join_with_equal_sign( $name, $value ) {
if ( is_array( $value ) ) {
$result = array();
foreach ( $value as $array_key => $array_value ) {
$result[] = $name . '[' . $array_key . ']' . '=' . $array_value;
}
return $result;
}
return "{$name}={$value}";
}
}

454
wp-content/plugins/jetpack/vendor/automattic/jetpack-connection/src/Client.php vendored Normal file
View File

@@ -0,0 +1,454 @@
<?php
/**
* The Connection Client class file.
*
* @package jetpack-connection
*/
namespace Automattic\Jetpack\Connection;
use Automattic\Jetpack\Constants;
/**
* The Client class that is used to connect to WordPress.com Jetpack API.
*/
class Client {
const WPCOM_JSON_API_VERSION = '1.1';
/**
* Makes an authorized remote request using Jetpack_Signature
*
* @param Array $args the arguments for the remote request.
* @param Array|String $body the request body.
* @return array|WP_Error WP HTTP response on success
*/
public static function remote_request( $args, $body = null ) {
$defaults = array(
'url' => '',
'user_id' => 0,
'blog_id' => 0,
'auth_location' => Constants::get_constant( 'JETPACK_CLIENT__AUTH_LOCATION' ),
'method' => 'POST',
'timeout' => 10,
'redirection' => 0,
'headers' => array(),
'stream' => false,
'filename' => null,
'sslverify' => true,
);
$args = wp_parse_args( $args, $defaults );
$args['blog_id'] = (int) $args['blog_id'];
if ( 'header' !== $args['auth_location'] ) {
$args['auth_location'] = 'query_string';
}
$token = \Jetpack_Data::get_access_token( $args['user_id'] );
if ( ! $token ) {
return new \WP_Error( 'missing_token' );
}
$method = strtoupper( $args['method'] );
$timeout = intval( $args['timeout'] );
$redirection = $args['redirection'];
$stream = $args['stream'];
$filename = $args['filename'];
$sslverify = $args['sslverify'];
$request = compact( 'method', 'body', 'timeout', 'redirection', 'stream', 'filename', 'sslverify' );
@list( $token_key, $secret ) = explode( '.', $token->secret ); // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged
if ( empty( $token ) || empty( $secret ) ) {
return new \WP_Error( 'malformed_token' );
}
$token_key = sprintf(
'%s:%d:%d',
$token_key,
Constants::get_constant( 'JETPACK__API_VERSION' ),
$token->external_user_id
);
$time_diff = (int) \Jetpack_Options::get_option( 'time_diff' );
$jetpack_signature = new \Jetpack_Signature( $token->secret, $time_diff );
$timestamp = time() + $time_diff;
if ( function_exists( 'wp_generate_password' ) ) {
$nonce = wp_generate_password( 10, false );
} else {
$nonce = substr( sha1( wp_rand( 0, 1000000 ) ), 0, 10 );
}
// Kind of annoying. Maybe refactor Jetpack_Signature to handle body-hashing.
if ( is_null( $body ) ) {
$body_hash = '';
} else {
// Allow arrays to be used in passing data.
$body_to_hash = $body;
if ( is_array( $body ) ) {
// We cast this to a new variable, because the array form of $body needs to be
// maintained so it can be passed into the request later on in the code.
if ( count( $body ) > 0 ) {
$body_to_hash = wp_json_encode( self::_stringify_data( $body ) );
} else {
$body_to_hash = '';
}
}
if ( ! is_string( $body_to_hash ) ) {
return new \WP_Error( 'invalid_body', 'Body is malformed.' );
}
$body_hash = base64_encode( sha1( $body_to_hash, true ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode
}
$auth = array(
'token' => $token_key,
'timestamp' => $timestamp,
'nonce' => $nonce,
'body-hash' => $body_hash,
);
if ( false !== strpos( $args['url'], 'xmlrpc.php' ) ) {
$url_args = array(
'for' => 'jetpack',
'wpcom_blog_id' => \Jetpack_Options::get_option( 'id' ),
);
} else {
$url_args = array();
}
if ( 'header' !== $args['auth_location'] ) {
$url_args += $auth;
}
$url = add_query_arg( urlencode_deep( $url_args ), $args['url'] );
$url = \Jetpack::fix_url_for_bad_hosts( $url );
$signature = $jetpack_signature->sign_request( $token_key, $timestamp, $nonce, $body_hash, $method, $url, $body, false );
if ( ! $signature || is_wp_error( $signature ) ) {
return $signature;
}
// Send an Authorization header so various caches/proxies do the right thing.
$auth['signature'] = $signature;
$auth['version'] = Constants::get_constant( 'JETPACK__VERSION' );
$header_pieces = array();
foreach ( $auth as $key => $value ) {
$header_pieces[] = sprintf( '%s="%s"', $key, $value );
}
$request['headers'] = array_merge(
$args['headers'],
array(
'Authorization' => 'X_JETPACK ' . join( ' ', $header_pieces ),
)
);
if ( 'header' !== $args['auth_location'] ) {
$url = add_query_arg( 'signature', rawurlencode( $signature ), $url );
}
return self::_wp_remote_request( $url, $request );
}
/**
* Wrapper for wp_remote_request(). Turns off SSL verification for certain SSL errors.
* This is lame, but many, many, many hosts have misconfigured SSL.
*
* When Jetpack is registered, the jetpack_fallback_no_verify_ssl_certs option is set to the current time if:
* 1. a certificate error is found AND
* 2. not verifying the certificate works around the problem.
*
* The option is checked on each request.
*
* @internal
* @see Jetpack::fix_url_for_bad_hosts()
*
* @param String $url the request URL.
* @param Array $args request arguments.
* @param Boolean $set_fallback whether to allow flagging this request to use a fallback certficate override.
* @return array|WP_Error WP HTTP response on success
*/
public static function _wp_remote_request( $url, $args, $set_fallback = false ) {
/**
* SSL verification (`sslverify`) for the JetpackClient remote request
* defaults to off, use this filter to force it on.
*
* Return `true` to ENABLE SSL verification, return `false`
* to DISABLE SSL verification.
*
* @since 3.6.0
*
* @param bool Whether to force `sslverify` or not.
*/
if ( apply_filters( 'jetpack_client_verify_ssl_certs', false ) ) {
return wp_remote_request( $url, $args );
}
$fallback = \Jetpack_Options::get_option( 'fallback_no_verify_ssl_certs' );
if ( false === $fallback ) {
\Jetpack_Options::update_option( 'fallback_no_verify_ssl_certs', 0 );
}
if ( (int) $fallback ) {
// We're flagged to fallback.
$args['sslverify'] = false;
}
$response = wp_remote_request( $url, $args );
if (
! $set_fallback // We're not allowed to set the flag on this request, so whatever happens happens.
||
isset( $args['sslverify'] ) && ! $args['sslverify'] // No verification - no point in doing it again.
||
! is_wp_error( $response ) // Let it ride.
) {
self::set_time_diff( $response, $set_fallback );
return $response;
}
// At this point, we're not flagged to fallback and we are allowed to set the flag on this request.
$message = $response->get_error_message();
// Is it an SSL Certificate verification error?
if (
false === strpos( $message, '14090086' ) // OpenSSL SSL3 certificate error.
&&
false === strpos( $message, '1407E086' ) // OpenSSL SSL2 certificate error.
&&
false === strpos( $message, 'error setting certificate verify locations' ) // cURL CA bundle not found.
&&
false === strpos( $message, 'Peer certificate cannot be authenticated with' ) // cURL CURLE_SSL_CACERT: CA bundle found, but not helpful
// Different versions of curl have different error messages
// this string should catch them all.
&&
false === strpos( $message, 'Problem with the SSL CA cert' ) // cURL CURLE_SSL_CACERT_BADFILE: probably access rights.
) {
// No, it is not.
return $response;
}
// Redo the request without SSL certificate verification.
$args['sslverify'] = false;
$response = wp_remote_request( $url, $args );
if ( ! is_wp_error( $response ) ) {
// The request went through this time, flag for future fallbacks.
\Jetpack_Options::update_option( 'fallback_no_verify_ssl_certs', time() );
self::set_time_diff( $response, $set_fallback );
}
return $response;
}
/**
* Sets the time difference for correct signature computation.
*
* @param HTTP_Response $response the response object.
* @param Boolean $force_set whether to force setting the time difference.
*/
public static function set_time_diff( &$response, $force_set = false ) {
$code = wp_remote_retrieve_response_code( $response );
// Only trust the Date header on some responses.
if ( 200 != $code && 304 != $code && 400 != $code && 401 != $code ) { // phpcs:ignore WordPress.PHP.StrictComparisons.LooseComparison
return;
}
$date = wp_remote_retrieve_header( $response, 'date' );
if ( ! $date ) {
return;
}
$time = (int) strtotime( $date );
if ( 0 >= $time ) {
return;
}
$time_diff = $time - time();
if ( $force_set ) { // During register.
\Jetpack_Options::update_option( 'time_diff', $time_diff );
} else { // Otherwise.
$old_diff = \Jetpack_Options::get_option( 'time_diff' );
if ( false === $old_diff || abs( $time_diff - (int) $old_diff ) > 10 ) {
\Jetpack_Options::update_option( 'time_diff', $time_diff );
}
}
}
/**
* Queries the WordPress.com REST API with a user token.
*
* @param string $path REST API path.
* @param string $version REST API version. Default is `2`.
* @param array $args Arguments to {@see WP_Http}. Default is `array()`.
* @param string $body Body passed to {@see WP_Http}. Default is `null`.
* @param string $base_api_path REST API root. Default is `wpcom`.
*
* @return array|WP_Error $response Response data, else {@see WP_Error} on failure.
*/
public static function wpcom_json_api_request_as_user(
$path,
$version = '2',
$args = array(),
$body = null,
$base_api_path = 'wpcom'
) {
$base_api_path = trim( $base_api_path, '/' );
$version = ltrim( $version, 'v' );
$path = ltrim( $path, '/' );
$args = array_intersect_key(
$args,
array(
'headers' => 'array',
'method' => 'string',
'timeout' => 'int',
'redirection' => 'int',
'stream' => 'boolean',
'filename' => 'string',
'sslverify' => 'boolean',
)
);
$args['user_id'] = get_current_user_id();
$args['method'] = isset( $args['method'] ) ? strtoupper( $args['method'] ) : 'GET';
$args['url'] = sprintf(
'%s://%s/%s/v%s/%s',
self::protocol(),
Constants::get_constant( 'JETPACK__WPCOM_JSON_API_HOST' ),
$base_api_path,
$version,
$path
);
if ( isset( $body ) && ! isset( $args['headers'] ) && in_array( $args['method'], array( 'POST', 'PUT', 'PATCH' ), true ) ) {
$args['headers'] = array( 'Content-Type' => 'application/json' );
}
if ( isset( $body ) && ! is_string( $body ) ) {
$body = wp_json_encode( $body );
}
return self::remote_request( $args, $body );
}
/**
* Query the WordPress.com REST API using the blog token
*
* @param String $path The API endpoint relative path.
* @param String $version The API version.
* @param Array $args Request arguments.
* @param String $body Request body.
* @param String $base_api_path (optional) the API base path override, defaults to 'rest'.
* @return Array|WP_Error $response Data.
*/
public static function wpcom_json_api_request_as_blog(
$path,
$version = self::WPCOM_JSON_API_VERSION,
$args = array(),
$body = null,
$base_api_path = 'rest'
) {
$filtered_args = array_intersect_key(
$args,
array(
'headers' => 'array',
'method' => 'string',
'timeout' => 'int',
'redirection' => 'int',
'stream' => 'boolean',
'filename' => 'string',
'sslverify' => 'boolean',
)
);
// unprecedingslashit.
$_path = preg_replace( '/^\//', '', $path );
// Use GET by default whereas `remote_request` uses POST.
$request_method = ( isset( $filtered_args['method'] ) ) ? $filtered_args['method'] : 'GET';
$url = sprintf(
'%s://%s/%s/v%s/%s',
self::protocol(),
Constants::get_constant( 'JETPACK__WPCOM_JSON_API_HOST' ),
$base_api_path,
$version,
$_path
);
$validated_args = array_merge(
$filtered_args,
array(
'url' => $url,
'blog_id' => (int) \Jetpack_Options::get_option( 'id' ),
'method' => $request_method,
)
);
return self::remote_request( $validated_args, $body );
}
/**
* Takes an array or similar structure and recursively turns all values into strings. This is used to
* make sure that body hashes are made ith the string version, which is what will be seen after a
* server pulls up the data in the $_POST array.
*
* @param Array|Mixed $data the data that needs to be stringified.
*
* @return array|string
*/
public static function _stringify_data( $data ) {
// Booleans are special, lets just makes them and explicit 1/0 instead of the 0 being an empty string.
if ( is_bool( $data ) ) {
return $data ? '1' : '0';
}
// Cast objects into arrays.
if ( is_object( $data ) ) {
$data = (array) $data;
}
// Non arrays at this point should be just converted to strings.
if ( ! is_array( $data ) ) {
return (string) $data;
}
foreach ( $data as $key => &$value ) {
$value = self::_stringify_data( $value );
}
return $data;
}
/**
* Gets protocol string.
*
* @return string `https` (if possible), else `http`.
*/
public static function protocol() {
/**
* Determines whether Jetpack can send outbound https requests to the WPCOM api.
*
* @since 3.6.0
*
* @param bool $proto Defaults to true.
*/
$https = apply_filters( 'jetpack_can_make_outbound_https', true );
return $https ? 'https' : 'http';
}
}

663
wp-content/plugins/jetpack/vendor/automattic/jetpack-connection/src/Manager.php vendored Normal file
View File

@@ -0,0 +1,663 @@
<?php
/**
* The Jetpack Connection manager class file.
*
* @package jetpack-connection
*/
namespace Automattic\Jetpack\Connection;
use Automattic\Jetpack\Constants;
/**
* The Jetpack Connection Manager class that is used as a single gateway between WordPress.com
* and Jetpack.
*/
class Manager implements Manager_Interface {
const SECRETS_MISSING = 'secrets_missing';
const SECRETS_EXPIRED = 'secrets_expired';
const SECRETS_OPTION_NAME = 'jetpack_secrets';
const MAGIC_NORMAL_TOKEN_KEY = ';normal;';
const JETPACK_MASTER_USER = true;
/**
* The procedure that should be run to generate secrets.
*
* @var Callable
*/
protected $secret_callable;
/**
* Initializes all needed hooks and request handlers. Handles API calls, upload
* requests, authentication requests. Also XMLRPC options requests.
* Fallback XMLRPC is also a bridge, but probably can be a class that inherits
* this one. Among other things it should strip existing methods.
*
* @param Array $methods an array of API method names for the Connection to accept and
* pass on to existing callables. It's possible to specify whether
* each method should be available for unauthenticated calls or not.
* @see Jetpack::__construct
*/
public function initialize( $methods ) {
$methods;
}
/**
* Returns true if the current site is connected to WordPress.com.
*
* @return Boolean is the site connected?
*/
public function is_active() {
return (bool) $this->get_access_token( self::JETPACK_MASTER_USER );
}
/**
* Returns true if the user with the specified identifier is connected to
* WordPress.com.
*
* @param Integer|Boolean $user_id the user identifier.
* @return Boolean is the user connected?
*/
public function is_user_connected( $user_id = false ) {
$user_id = false === $user_id ? get_current_user_id() : absint( $user_id );
if ( ! $user_id ) {
return false;
}
return (bool) $this->get_access_token( $user_id );
}
/**
* Get the wpcom user data of the current|specified connected user.
*
* @param Integer $user_id the user identifier.
* @return Object the user object.
*/
public function get_connected_user_data( $user_id = null ) {
if ( ! $user_id ) {
$user_id = get_current_user_id();
}
$transient_key = "jetpack_connected_user_data_$user_id";
$cached_user_data = get_transient( $transient_key );
if ( $cached_user_data ) {
return $cached_user_data;
}
\Jetpack::load_xml_rpc_client();
$xml = new \Jetpack_IXR_Client(
array(
'user_id' => $user_id,
)
);
$xml->query( 'wpcom.getUser' );
if ( ! $xml->isError() ) {
$user_data = $xml->getResponse();
set_transient( $transient_key, $xml->getResponse(), DAY_IN_SECONDS );
return $user_data;
}
return false;
}
/**
* Is the user the connection owner.
*
* @param Integer $user_id the user identifier.
* @return Boolean is the user the connection owner?
*/
public function is_connection_owner( $user_id ) {
return $user_id;
}
/**
* Unlinks the current user from the linked WordPress.com user
*
* @param Integer $user_id the user identifier.
*/
public static function disconnect_user( $user_id ) {
return $user_id;
}
/**
* Initializes a transport server, whatever it may be, saves into the object property.
* Should be changed to be protected.
*/
public function initialize_server() {
}
/**
* Checks if the current request is properly authenticated, bails if not.
* Should be changed to be protected.
*/
public function require_authentication() {
}
/**
* Verifies the correctness of the request signature.
* Should be changed to be protected.
*/
public function verify_signature() {
}
/**
* Attempts Jetpack registration which sets up the site for connection. Should
* remain public because the call to action comes from the current site, not from
* WordPress.com.
*
* @return Integer zero on success, or a bitmask on failure.
*/
public function register() {
return 0;
}
/**
* Returns the callable that would be used to generate secrets.
*
* @return Callable a function that returns a secure string to be used as a secret.
*/
protected function get_secret_callable() {
if ( ! isset( $this->secret_callable ) ) {
/**
* Allows modification of the callable that is used to generate connection secrets.
*
* @param Callable a function or method that returns a secret string.
*/
$this->secret_callable = apply_filters( 'jetpack_connection_secret_generator', 'wp_generate_password' );
}
return $this->secret_callable;
}
/**
* Generates two secret tokens and the end of life timestamp for them.
*
* @param String $action The action name.
* @param Integer $user_id The user identifier.
* @param Integer $exp Expiration time in seconds.
*/
public function generate_secrets( $action, $user_id, $exp ) {
$callable = $this->get_secret_callable();
$secrets = \Jetpack_Options::get_raw_option(
self::SECRETS_OPTION_NAME,
array()
);
$secret_name = 'jetpack_' . $action . '_' . $user_id;
if (
isset( $secrets[ $secret_name ] ) &&
$secrets[ $secret_name ]['exp'] > time()
) {
return $secrets[ $secret_name ];
}
$secret_value = array(
'secret_1' => call_user_func( $callable ),
'secret_2' => call_user_func( $callable ),
'exp' => time() + $exp,
);
$secrets[ $secret_name ] = $secret_value;
\Jetpack_Options::update_raw_option( self::SECRETS_OPTION_NAME, $secrets );
return $secrets[ $secret_name ];
}
/**
* Returns two secret tokens and the end of life timestamp for them.
*
* @param String $action The action name.
* @param Integer $user_id The user identifier.
* @return string|array an array of secrets or an error string.
*/
public function get_secrets( $action, $user_id ) {
$secret_name = 'jetpack_' . $action . '_' . $user_id;
$secrets = \Jetpack_Options::get_raw_option(
self::SECRETS_OPTION_NAME,
array()
);
if ( ! isset( $secrets[ $secret_name ] ) ) {
return self::SECRETS_MISSING;
}
if ( $secrets[ $secret_name ]['exp'] < time() ) {
$this->delete_secrets( $action, $user_id );
return self::SECRETS_EXPIRED;
}
return $secrets[ $secret_name ];
}
/**
* Deletes secret tokens in case they, for example, have expired.
*
* @param String $action The action name.
* @param Integer $user_id The user identifier.
*/
public function delete_secrets( $action, $user_id ) {
$secret_name = 'jetpack_' . $action . '_' . $user_id;
$secrets = \Jetpack_Options::get_raw_option(
self::SECRETS_OPTION_NAME,
array()
);
if ( isset( $secrets[ $secret_name ] ) ) {
unset( $secrets[ $secret_name ] );
\Jetpack_Options::update_raw_option( self::SECRETS_OPTION_NAME, $secrets );
}
}
/**
* Responds to a WordPress.com call to register the current site.
* Should be changed to protected.
*
* @param array $registration_data Array of [ secret_1, user_id ].
*/
public function handle_registration( array $registration_data ) {
list( $registration_secret_1, $registration_user_id ) = $registration_data;
if ( empty( $registration_user_id ) ) {
return new \WP_Error( 'registration_state_invalid', __( 'Invalid Registration State', 'jetpack' ), 400 );
}
return $this->verify_secrets( 'register', $registration_secret_1, (int) $registration_user_id );
}
/**
* Verify a Previously Generated Secret.
*
* @param string $action The type of secret to verify.
* @param string $secret_1 The secret string to compare to what is stored.
* @param int $user_id The user ID of the owner of the secret.
*/
protected function verify_secrets( $action, $secret_1, $user_id ) {
$allowed_actions = array( 'register', 'authorize', 'publicize' );
if ( ! in_array( $action, $allowed_actions, true ) ) {
return new \WP_Error( 'unknown_verification_action', 'Unknown Verification Action', 400 );
}
$user = get_user_by( 'id', $user_id );
/**
* We've begun verifying the previously generated secret.
*
* @since 7.5.0
*
* @param string $action The type of secret to verify.
* @param \WP_User $user The user object.
*/
do_action( 'jetpack_verify_secrets_begin', $action, $user );
$return_error = function( \WP_Error $error ) use ( $action, $user ) {
/**
* Verifying of the previously generated secret has failed.
*
* @since 7.5.0
*
* @param string $action The type of secret to verify.
* @param \WP_User $user The user object.
* @param \WP_Error $error The error object.
*/
do_action( 'jetpack_verify_secrets_fail', $action, $user, $error );
return $error;
};
$stored_secrets = $this->get_secrets( $action, $user_id );
$this->delete_secrets( $action, $user_id );
if ( empty( $secret_1 ) ) {
return $return_error(
new \WP_Error(
'verify_secret_1_missing',
/* translators: "%s" is the name of a paramter. It can be either "secret_1" or "state". */
sprintf( __( 'The required "%s" parameter is missing.', 'jetpack' ), 'secret_1' ),
400
)
);
} elseif ( ! is_string( $secret_1 ) ) {
return $return_error(
new \WP_Error(
'verify_secret_1_malformed',
/* translators: "%s" is the name of a paramter. It can be either "secret_1" or "state". */
sprintf( __( 'The required "%s" parameter is malformed.', 'jetpack' ), 'secret_1' ),
400
)
);
} elseif ( empty( $user_id ) ) {
// $user_id is passed around during registration as "state".
return $return_error(
new \WP_Error(
'state_missing',
/* translators: "%s" is the name of a paramter. It can be either "secret_1" or "state". */
sprintf( __( 'The required "%s" parameter is missing.', 'jetpack' ), 'state' ),
400
)
);
} elseif ( ! ctype_digit( (string) $user_id ) ) {
return $return_error(
new \WP_Error(
'verify_secret_1_malformed',
/* translators: "%s" is the name of a paramter. It can be either "secret_1" or "state". */
sprintf( __( 'The required "%s" parameter is malformed.', 'jetpack' ), 'state' ),
400
)
);
}
if ( ! $stored_secrets ) {
return $return_error(
new \WP_Error(
'verify_secrets_missing',
__( 'Verification secrets not found', 'jetpack' ),
400
)
);
} elseif ( is_wp_error( $stored_secrets ) ) {
$stored_secrets->add_data( 400 );
return $return_error( $stored_secrets );
} elseif ( empty( $stored_secrets['secret_1'] ) || empty( $stored_secrets['secret_2'] ) || empty( $stored_secrets['exp'] ) ) {
return $return_error(
new \WP_Error(
'verify_secrets_incomplete',
__( 'Verification secrets are incomplete', 'jetpack' ),
400
)
);
} elseif ( ! hash_equals( $secret_1, $stored_secrets['secret_1'] ) ) {
return $return_error(
new \WP_Error(
'verify_secrets_mismatch',
__( 'Secret mismatch', 'jetpack' ),
400
)
);
}
/**
* We've succeeded at verifying the previously generated secret.
*
* @since 7.5.0
*
* @param string $action The type of secret to verify.
* @param \WP_User $user The user object.
*/
do_action( 'jetpack_verify_secrets_success', $action, $user );
return $stored_secrets['secret_2'];
}
/**
* Responds to a WordPress.com call to authorize the current user.
* Should be changed to protected.
*/
public function handle_authorization() {
}
/**
* Builds a URL to the Jetpack connection auth page.
* This needs rethinking.
*
* @param bool $raw If true, URL will not be escaped.
* @param bool|string $redirect If true, will redirect back to Jetpack wp-admin landing page after connection.
* If string, will be a custom redirect.
* @param bool|string $from If not false, adds 'from=$from' param to the connect URL.
* @param bool $register If true, will generate a register URL regardless of the existing token, since 4.9.0.
*
* @return string Connect URL
*/
public function build_connect_url( $raw, $redirect, $from, $register ) {
return array( $raw, $redirect, $from, $register );
}
/**
* Disconnects from the Jetpack servers.
* Forgets all connection details and tells the Jetpack servers to do the same.
*/
public function disconnect_site() {
}
/**
* The Base64 Encoding of the SHA1 Hash of the Input.
*
* @param string $text The string to hash.
* @return string
*/
public function sha1_base64( $text ) {
return base64_encode( sha1( $text, true ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode
}
/**
* This function mirrors Jetpack_Data::is_usable_domain() in the WPCOM codebase.
*
* @param string $domain The domain to check.
*
* @return bool|WP_Error
*/
public function is_usable_domain( $domain ) {
// If it's empty, just fail out.
if ( ! $domain ) {
return new \WP_Error(
'fail_domain_empty',
/* translators: %1$s is a domain name. */
sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it is empty.', 'jetpack' ), $domain )
);
}
/**
* Skips the usuable domain check when connecting a site.
*
* Allows site administrators with domains that fail gethostname-based checks to pass the request to WP.com
*
* @since 4.1.0
*
* @param bool If the check should be skipped. Default false.
*/
if ( apply_filters( 'jetpack_skip_usuable_domain_check', false ) ) {
return true;
}
// None of the explicit localhosts.
$forbidden_domains = array(
'wordpress.com',
'localhost',
'localhost.localdomain',
'127.0.0.1',
'local.wordpress.test', // VVV pattern.
'local.wordpress-trunk.test', // VVV pattern.
'src.wordpress-develop.test', // VVV pattern.
'build.wordpress-develop.test', // VVV pattern.
);
if ( in_array( $domain, $forbidden_domains, true ) ) {
return new \WP_Error(
'fail_domain_forbidden',
sprintf(
/* translators: %1$s is a domain name. */
__(
'Domain `%1$s` just failed is_usable_domain check as it is in the forbidden array.',
'jetpack'
),
$domain
)
);
}
// No .test or .local domains.
if ( preg_match( '#\.(test|local)$#i', $domain ) ) {
return new \WP_Error(
'fail_domain_tld',
sprintf(
/* translators: %1$s is a domain name. */
__(
'Domain `%1$s` just failed is_usable_domain check as it uses an invalid top level domain.',
'jetpack'
),
$domain
)
);
}
// No WPCOM subdomains.
if ( preg_match( '#\.WordPress\.com$#i', $domain ) ) {
return new \WP_Error(
'fail_subdomain_wpcom',
sprintf(
/* translators: %1$s is a domain name. */
__(
'Domain `%1$s` just failed is_usable_domain check as it is a subdomain of WordPress.com.',
'jetpack'
),
$domain
)
);
}
// If PHP was compiled without support for the Filter module (very edge case).
if ( ! function_exists( 'filter_var' ) ) {
// Just pass back true for now, and let wpcom sort it out.
return true;
}
return true;
}
/**
* Gets the requested token.
*
* Tokens are one of two types:
* 1. Blog Tokens: These are the "main" tokens. Each site typically has one Blog Token,
* though some sites can have multiple "Special" Blog Tokens (see below). These tokens
* are not associated with a user account. They represent the site's connection with
* the Jetpack servers.
* 2. User Tokens: These are "sub-"tokens. Each connected user account has one User Token.
*
* All tokens look like "{$token_key}.{$private}". $token_key is a public ID for the
* token, and $private is a secret that should never be displayed anywhere or sent
* over the network; it's used only for signing things.
*
* Blog Tokens can be "Normal" or "Special".
* * Normal: The result of a normal connection flow. They look like
* "{$random_string_1}.{$random_string_2}"
* That is, $token_key and $private are both random strings.
* Sites only have one Normal Blog Token. Normal Tokens are found in either
* Jetpack_Options::get_option( 'blog_token' ) (usual) or the JETPACK_BLOG_TOKEN
* constant (rare).
* * Special: A connection token for sites that have gone through an alternative
* connection flow. They look like:
* ";{$special_id}{$special_version};{$wpcom_blog_id};.{$random_string}"
* That is, $private is a random string and $token_key has a special structure with
* lots of semicolons.
* Most sites have zero Special Blog Tokens. Special tokens are only found in the
* JETPACK_BLOG_TOKEN constant.
*
* In particular, note that Normal Blog Tokens never start with ";" and that
* Special Blog Tokens always do.
*
* When searching for a matching Blog Tokens, Blog Tokens are examined in the following
* order:
* 1. Defined Special Blog Tokens (via the JETPACK_BLOG_TOKEN constant)
* 2. Stored Normal Tokens (via Jetpack_Options::get_option( 'blog_token' ))
* 3. Defined Normal Tokens (via the JETPACK_BLOG_TOKEN constant)
*
* @param int|false $user_id false: Return the Blog Token. int: Return that user's User Token.
* @param string|false $token_key If provided, check that the token matches the provided input.
* @param bool|true $suppress_errors If true, return a falsy value when the token isn't found; When false, return a descriptive WP_Error when the token isn't found.
*
* @return object|false
*/
public function get_access_token( $user_id = false, $token_key = false, $suppress_errors = true ) {
$possible_special_tokens = array();
$possible_normal_tokens = array();
$user_tokens = \Jetpack_Options::get_option( 'user_tokens' );
if ( $user_id ) {
if ( ! $user_tokens ) {
return $suppress_errors ? false : new \WP_Error( 'no_user_tokens' );
}
if ( self::JETPACK_MASTER_USER === $user_id ) {
$user_id = \Jetpack_Options::get_option( 'master_user' );
if ( ! $user_id ) {
return $suppress_errors ? false : new \WP_Error( 'empty_master_user_option' );
}
}
if ( ! isset( $user_tokens[ $user_id ] ) || ! $user_tokens[ $user_id ] ) {
return $suppress_errors ? false : new \WP_Error( 'no_token_for_user', sprintf( 'No token for user %d', $user_id ) );
}
$user_token_chunks = explode( '.', $user_tokens[ $user_id ] );
if ( empty( $user_token_chunks[1] ) || empty( $user_token_chunks[2] ) ) {
return $suppress_errors ? false : new \WP_Error( 'token_malformed', sprintf( 'Token for user %d is malformed', $user_id ) );
}
if ( $user_token_chunks[2] !== (string) $user_id ) {
return $suppress_errors ? false : new \WP_Error( 'user_id_mismatch', sprintf( 'Requesting user_id %d does not match token user_id %d', $user_id, $user_token_chunks[2] ) );
}
$possible_normal_tokens[] = "{$user_token_chunks[0]}.{$user_token_chunks[1]}";
} else {
$stored_blog_token = \Jetpack_Options::get_option( 'blog_token' );
if ( $stored_blog_token ) {
$possible_normal_tokens[] = $stored_blog_token;
}
$defined_tokens_string = Constants::get_constant( 'JETPACK_BLOG_TOKEN' );
if ( $defined_tokens_string ) {
$defined_tokens = explode( ',', $defined_tokens_string );
foreach ( $defined_tokens as $defined_token ) {
if ( ';' === $defined_token[0] ) {
$possible_special_tokens[] = $defined_token;
} else {
$possible_normal_tokens[] = $defined_token;
}
}
}
}
if ( self::MAGIC_NORMAL_TOKEN_KEY === $token_key ) {
$possible_tokens = $possible_normal_tokens;
} else {
$possible_tokens = array_merge( $possible_special_tokens, $possible_normal_tokens );
}
if ( ! $possible_tokens ) {
return $suppress_errors ? false : new \WP_Error( 'no_possible_tokens' );
}
$valid_token = false;
if ( false === $token_key ) {
// Use first token.
$valid_token = $possible_tokens[0];
} elseif ( self::MAGIC_NORMAL_TOKEN_KEY === $token_key ) {
// Use first normal token.
$valid_token = $possible_tokens[0]; // $possible_tokens only contains normal tokens because of earlier check.
} else {
// Use the token matching $token_key or false if none.
// Ensure we check the full key.
$token_check = rtrim( $token_key, '.' ) . '.';
foreach ( $possible_tokens as $possible_token ) {
if ( hash_equals( substr( $possible_token, 0, strlen( $token_check ) ), $token_check ) ) {
$valid_token = $possible_token;
break;
}
}
}
if ( ! $valid_token ) {
return $suppress_errors ? false : new \WP_Error( 'no_valid_token' );
}
return (object) array(
'secret' => $valid_token,
'external_user_id' => (int) $user_id,
);
}
}

146
wp-content/plugins/jetpack/vendor/automattic/jetpack-connection/src/Manager_Interface.php vendored Normal file
View File

@@ -0,0 +1,146 @@
<?php
/**
* The Jetpack Connection Interface file.
*
* @package jetpack-connection
*/
namespace Automattic\Jetpack\Connection;
/**
* The Connection interface class file.
*
* @package jetpack-connection
*/
/**
* The interface that the Connection class must inherit in order to be used for connecting
* to WordPress.com
*/
interface Manager_Interface {
/**
* Initializes all needed hooks and request handlers. Handles API calls, upload
* requests, authentication requests. Also XMLRPC options requests.
* Fallback XMLRPC is also a bridge, but probably can be a class that inherits
* this one. Among other things it should strip existing methods.
*
* @param Array $methods an array of API method names for the Connection to accept and
* pass on to existing callables. It's possible to specify whether
* each method should be available for unauthenticated calls or not.
* @see Jetpack::__construct
*/
public function initialize( $methods );
/**
* Returns true if the current site is connected to WordPress.com.
*
* @return Boolean is the site connected?
*/
public function is_active();
/**
* Returns true if the user with the specified identifier is connected to
* WordPress.com.
*
* @param Integer $user_id the user identifier.
* @return Boolean is the user connected?
*/
public function is_user_connected( $user_id );
/**
* Get the wpcom user data of the current|specified connected user.
*
* @param Integer $user_id the user identifier.
* @return Object the user object.
*/
public function get_connected_user_data( $user_id );
/**
* Is the user the connection owner.
*
* @param Integer $user_id the user identifier.
* @return Boolean is the user the connection owner?
*/
public function is_connection_owner( $user_id );
/**
* Unlinks the current user from the linked WordPress.com user
*
* @param Integer $user_id the user identifier.
*/
public static function disconnect_user( $user_id );
/**
* Initializes a transport server, whatever it may be, saves into the object property.
* Should be changed to be protected.
*/
public function initialize_server();
/**
* Checks if the current request is properly authenticated, bails if not.
* Should be changed to be protected.
*/
public function require_authentication();
/**
* Verifies the correctness of the request signature.
* Should be changed to be protected.
*/
public function verify_signature();
/**
* Attempts Jetpack registration which sets up the site for connection. Should
* remain public because the call to action comes from the current site, not from
* WordPress.com.
*
* @return Integer zero on success, or a bitmask on failure.
*/
public function register();
/**
* Creates two secret tokens and the end of life timestamp for them.
*
* Note these tokens are unique per call, NOT static per site for connecting.
*
* @param String $action The action name.
* @param Integer $user_id The user identifier.
* @return array
*/
public function get_secrets( $action, $user_id );
/**
* Responds to a WordPress.com call to register the current site.
* Should be changed to protected.
*
* @param array $registration_data Array of [ secret_1, user_id ].
*/
public function handle_registration( array $registration_data );
/**
* Responds to a WordPress.com call to authorize the current user.
* Should be changed to protected.
*/
public function handle_authorization();
/**
* Builds a URL to the Jetpack connection auth page.
* This needs rethinking.
*
* @param bool $raw If true, URL will not be escaped.
* @param bool|string $redirect If true, will redirect back to Jetpack wp-admin landing page after connection.
* If string, will be a custom redirect.
* @param bool|string $from If not false, adds 'from=$from' param to the connect URL.
* @param bool $register If true, will generate a register URL regardless of the existing token, since 4.9.0.
*
* @return string Connect URL
*/
public function build_connect_url( $raw, $redirect, $from, $register );
/**
* Disconnects from the Jetpack servers.
* Forgets all connection details and tells the Jetpack servers to do the same.
*/
public function disconnect_site();
}

54
wp-content/plugins/jetpack/vendor/automattic/jetpack-connection/src/REST_Connector.php vendored Normal file
View File

@@ -0,0 +1,54 @@
<?php
/**
* Sets up the Connection REST API endpoints.
*
* @package jetpack-connection
*/
namespace Automattic\Jetpack\Connection;
/**
* Registers the REST routes for Connections.
*/
class REST_Connector {
/**
* The Connection Manager.
*
* @var Manager
*/
private $connection;
/**
* Constructor.
*
* @param Manager $connection The Connection Manager.
*/
public function __construct( Manager $connection ) {
$this->connection = $connection;
// Register a site.
register_rest_route(
'jetpack/v4',
'/verify_registration',
array(
'methods' => \WP_REST_Server::EDITABLE,
'callback' => array( $this, 'verify_registration' ),
)
);
}
/**
* Handles verification that a site is registered.
*
* @since 5.4.0
*
* @param \WP_REST_Request $request The request sent to the WP REST API.
*
* @return string|WP_Error
*/
public function verify_registration( \WP_REST_Request $request ) {
$registration_data = array( $request['secret_1'], $request['state'] );
return $this->connection->handle_registration( $registration_data );
}
}

79
wp-content/plugins/jetpack/vendor/automattic/jetpack-connection/src/XMLRPC_Connector.php vendored Normal file
View File

@@ -0,0 +1,79 @@
<?php
/**
* Sets up the Connection XML-RPC methods.
*
* @package jetpack-connection
*/
namespace Automattic\Jetpack\Connection;
/**
* Registers the XML-RPC methods for Connections.
*/
class XMLRPC_Connector {
/**
* The Connection Manager.
*
* @var Manager
*/
private $connection;
/**
* Constructor.
*
* @param Manager $connection The Connection Manager.
*/
public function __construct( Manager $connection ) {
$this->connection = $connection;
add_filter( 'xmlrpc_methods', array( $this, 'xmlrpc_methods' ) );
}
/**
* Attached to the `xmlrpc_methods` filter.
*
* @param array $methods The already registered XML-RPC methods.
* @return array
*/
public function xmlrpc_methods( $methods ) {
return array_merge(
$methods,
array(
'jetpack.verifyRegistration' => array( $this, 'verify_registration' ),
)
);
}
/**
* Handles verification that a site is registered.
*
* @param array $registration_data The data sent by the XML-RPC client:
* [ $secret_1, $user_id ].
*
* @return string|IXR_Error
*/
public function verify_registration( $registration_data ) {
return $this->output( $this->connection->handle_registration( $registration_data ) );
}
/**
* Normalizes output for XML-RPC.
*
* @param mixed $data The data to output.
*/
private function output( $data ) {
if ( is_wp_error( $data ) ) {
$code = $data->get_error_data();
if ( ! $code ) {
$code = -10520;
}
return new \IXR_Error(
$code,
sprintf( 'Jetpack: [%s] %s', $data->get_error_code(), $data->get_error_message() )
);
}
return $data;
}
}