Admin
3 years ago
Builder
3 years ago
Helpers
3 years ago
CFF_Autolink.php
3 years ago
CFF_Blocks.php
3 years ago
CFF_Cache.php
3 years ago
CFF_Education.php
3 years ago
CFF_Elementor_Base.php
3 years ago
CFF_Elementor_Widget.php
3 years ago
CFF_Error_Reporter.php
3 years ago
CFF_FB_Settings.php
3 years ago
CFF_Feed_Elementor_Control.php
3 years ago
CFF_Feed_Locator.php
3 years ago
CFF_Feed_Pro.php
3 years ago
CFF_GDPR_Integrations.php
3 years ago
CFF_Group_Posts.php
3 years ago
CFF_HTTP_Request.php
3 years ago
CFF_Oembed.php
3 years ago
CFF_Parse.php
3 years ago
CFF_Resizer.php
3 years ago
CFF_Response.php
3 years ago
CFF_Shortcode.php
3 years ago
CFF_Shortcode_Display.php
3 years ago
CFF_SiteHealth.php
3 years ago
CFF_Utils.php
3 years ago
CFF_View.php
3 years ago
Custom_Facebook_Feed.php
3 years ago
SB_Facebook_Data_Encryption.php
3 years ago
SB_Facebook_Data_Manager.php
3 years ago
SB_Facebook_Data_Encryption.php
190 lines
| 1 | <?php |
| 2 | /** |
| 3 | * Class SB_Facebook_Data_Encryption |
| 4 | * |
| 5 | * @copyright 2021 Google LLC |
| 6 | * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 |
| 7 | * @link https://sitekit.withgoogle.com |
| 8 | */ |
| 9 | |
| 10 | namespace CustomFacebookFeed; |
| 11 | // Exit if accessed directly |
| 12 | if ( ! defined( 'ABSPATH' ) ) { |
| 13 | exit; |
| 14 | } |
| 15 | |
| 16 | |
| 17 | /** |
| 18 | * Class responsible for encrypting and decrypting data. |
| 19 | * |
| 20 | * @since 2.9.4/5.12.4 |
| 21 | * @access private |
| 22 | * @ignore |
| 23 | */ |
| 24 | class SB_Facebook_Data_Encryption { |
| 25 | |
| 26 | /** |
| 27 | * Key to use for encryption. |
| 28 | * |
| 29 | * @since 2.9.4/5.12.4 |
| 30 | * @var string |
| 31 | */ |
| 32 | private $key; |
| 33 | |
| 34 | /** |
| 35 | * Salt to use for encryption. |
| 36 | * |
| 37 | * @since 2.9.4/5.12.4 |
| 38 | * @var string |
| 39 | */ |
| 40 | private $salt; |
| 41 | |
| 42 | /** |
| 43 | * Constructor. |
| 44 | * |
| 45 | * @since 2.9.4/5.12.4 |
| 46 | */ |
| 47 | public function __construct( $remote = array() ) { |
| 48 | if ( ! empty( $remote ) ) { |
| 49 | $this->key = $remote['key']; |
| 50 | $this->salt = $remote['salt']; |
| 51 | } else { |
| 52 | $this->key = $this->get_default_key(); |
| 53 | $this->salt = $this->get_default_salt(); |
| 54 | } |
| 55 | } |
| 56 | |
| 57 | /** |
| 58 | * Encrypts a value. |
| 59 | * |
| 60 | * If a user-based key is set, that key is used. Otherwise the default key is used. |
| 61 | * |
| 62 | * @since 2.9.4/5.12.4 |
| 63 | * |
| 64 | * @param string $value Value to encrypt. |
| 65 | * @return string|bool Encrypted value, or false on failure. |
| 66 | */ |
| 67 | public function encrypt( $value ) { |
| 68 | if ( ! cff_doing_openssl() ) { |
| 69 | return $value; |
| 70 | } |
| 71 | |
| 72 | $method = 'aes-256-ctr'; |
| 73 | $ivlen = openssl_cipher_iv_length( $method ); |
| 74 | $iv = openssl_random_pseudo_bytes( $ivlen ); |
| 75 | |
| 76 | $raw_value = openssl_encrypt( $value . $this->salt, $method, $this->key, 0, $iv ); |
| 77 | if ( ! $raw_value ) { |
| 78 | return false; |
| 79 | } |
| 80 | |
| 81 | return base64_encode( $iv . $raw_value ); |
| 82 | } |
| 83 | |
| 84 | /** |
| 85 | * Decrypts a value. |
| 86 | * |
| 87 | * If a user-based key is set, that key is used. Otherwise the default key is used. |
| 88 | * |
| 89 | * @since 2.9.4/5.12.4 |
| 90 | * |
| 91 | * @param string $raw_value Value to decrypt. |
| 92 | * @return string|bool Decrypted value, or false on failure. |
| 93 | */ |
| 94 | public function decrypt( $raw_value ) { |
| 95 | if ( ! cff_doing_openssl() ) { |
| 96 | return $raw_value; |
| 97 | } |
| 98 | |
| 99 | $raw_value = base64_decode( $raw_value, true ); |
| 100 | |
| 101 | $method = 'aes-256-ctr'; |
| 102 | $ivlen = openssl_cipher_iv_length( $method ); |
| 103 | $iv = substr( $raw_value, 0, $ivlen ); |
| 104 | |
| 105 | $raw_value = substr( $raw_value, $ivlen ); |
| 106 | |
| 107 | $value = openssl_decrypt( $raw_value, $method, $this->key, 0, $iv ); |
| 108 | if ( ! $value || substr( $value, - strlen( $this->salt ) ) !== $this->salt ) { |
| 109 | return false; |
| 110 | } |
| 111 | |
| 112 | return substr( $value, 0, - strlen( $this->salt ) ); |
| 113 | } |
| 114 | |
| 115 | |
| 116 | public function maybe_encrypt( $raw_value ) { |
| 117 | $maybe_decrypted = $this->decrypt( $raw_value ); |
| 118 | |
| 119 | if ( $maybe_decrypted ) { |
| 120 | return $this->encrypt( $maybe_decrypted ); |
| 121 | } |
| 122 | |
| 123 | return $this->encrypt( $raw_value ); |
| 124 | } |
| 125 | |
| 126 | /** |
| 127 | * Uses a raw value and attempts to decrypt it |
| 128 | * |
| 129 | * @param $value |
| 130 | * |
| 131 | * @return bool|string |
| 132 | */ |
| 133 | public function maybe_decrypt( $value ) { |
| 134 | if ( ! is_string( $value ) ) { |
| 135 | return $value; |
| 136 | } |
| 137 | if ( strpos( $value, '{' ) === 0 ) { |
| 138 | return $value; |
| 139 | } |
| 140 | |
| 141 | $decrypted = $this->decrypt( $value ); |
| 142 | |
| 143 | if ( ! $decrypted ) { |
| 144 | return $value; |
| 145 | } |
| 146 | |
| 147 | return $decrypted; |
| 148 | } |
| 149 | |
| 150 | /** |
| 151 | * Gets the default encryption key to use. |
| 152 | * |
| 153 | * @since 2.9.4/5.12.4 |
| 154 | * |
| 155 | * @return string Default (not user-based) encryption key. |
| 156 | */ |
| 157 | private function get_default_key() { |
| 158 | if ( defined( 'CFF_ENCRYPTION_KEY' ) && '' !== CFF_ENCRYPTION_KEY ) { |
| 159 | return CFF_ENCRYPTION_KEY; |
| 160 | } |
| 161 | |
| 162 | if ( defined( 'LOGGED_IN_KEY' ) && '' !== LOGGED_IN_KEY ) { |
| 163 | return LOGGED_IN_KEY; |
| 164 | } |
| 165 | |
| 166 | // If this is reached, you're either not on a live site or have a serious security issue. |
| 167 | return 'das-ist-kein-geheimer-schluessel'; |
| 168 | } |
| 169 | |
| 170 | /** |
| 171 | * Gets the default encryption salt to use. |
| 172 | * |
| 173 | * @since 2.9.4/5.12.4 |
| 174 | * |
| 175 | * @return string Encryption salt. |
| 176 | */ |
| 177 | private function get_default_salt() { |
| 178 | if ( defined( 'CFF_ENCRYPTION_SALT' ) && '' !== CFF_ENCRYPTION_SALT ) { |
| 179 | return CFF_ENCRYPTION_SALT; |
| 180 | } |
| 181 | |
| 182 | if ( defined( 'LOGGED_IN_SALT' ) && '' !== LOGGED_IN_SALT ) { |
| 183 | return LOGGED_IN_SALT; |
| 184 | } |
| 185 | |
| 186 | // If this is reached, you're either not on a live site or have a serious security issue. |
| 187 | return 'das-ist-kein-geheimes-salz'; |
| 188 | } |
| 189 | } |
| 190 |