1 <?php
2
3
4 namespace JFB_Modules\Security\Csrf;
5
6 use Jet_Form_Builder\Classes\Http\Http_Tools;
7 use Jet_Form_Builder\Db_Queries\Exceptions\Sql_Exception;
8 use Jet_Form_Builder\Exceptions\Query_Builder_Exception;
9 use Jet_Form_Builder\Live_Form;
10
// Abort on direct access: WPINC is only defined when WordPress bootstrapped us.
defined( 'WPINC' ) || die;
15
class Csrf_Tools {

	/** Name of the hidden form field that carries the CSRF token. */
	const FIELD = '_jfb_csrf_token';

	/**
	 * Render the hidden CSRF field for the form currently being rendered.
	 *
	 * The token is keyed by client_id(), i.e. the MD5 of user-agent, IP
	 * address and the live form id. add() hands back an already-stored token
	 * for that key, so the freshly generated value is only persisted when no
	 * row for this client/form combination exists yet.
	 *
	 * @return string Rendered hidden-field markup, or '' when the token could
	 *                not be stored (add() threw Sql_Exception).
	 */
	public static function get_field(): string {
		$fresh_token = static::generate();
		$client_key  = static::client_id( jet_fb_live()->form_id );

		// Purge stale rows before persisting (see Csrf_Token_Model::clear()).
		Csrf_Token_Model::clear();

		try {
			$stored_token = static::add( $fresh_token, $client_key );
		} catch ( Sql_Exception $exception ) {
			// Without a stored token the field is omitted from the form entirely.
			return '';
		}

		$field_args = array(
			'field_value' => $stored_token,
			'name'        => self::FIELD,
		);

		return Live_Form::force_render_field( 'hidden-field', $field_args );
	}

	/**
	 * Return the token stored for $client_id, inserting $token when none exists.
	 *
	 * @param string $token     Candidate token; used only when no row exists yet.
	 * @param string $client_id Client fingerprint from client_id().
	 *
	 * @return string The pre-existing token for this client, otherwise $token.
	 * @throws Sql_Exception When the insert fails.
	 */
	public static function add( string $token, string $client_id ): string {
		try {
			$existing = Csrf_Token_View::by_client( $client_id );
		} catch ( Query_Builder_Exception $exception ) {
			// No row for this client yet: persist the candidate token.
			( new Csrf_Token_Model() )->insert(
				array(
					'token'     => $token,
					'client_id' => $client_id,
				)
			);

			return $token;
		}

		return $existing['token'];
	}

	/**
	 * Check whether a (token, client_id) pair exists in the token table.
	 *
	 * Exact-match lookup only; the token is not consumed here. Call delete()
	 * to invalidate it once the submission has been accepted.
	 *
	 * @param string $token     Token submitted in the self::FIELD field.
	 * @param string $client_id Fingerprint recomputed for the verifying request.
	 *
	 * @return bool True when the lookup succeeds, false when it throws
	 *              Query_Builder_Exception (presumably: no matching row).
	 */
	public static function verify( string $token, string $client_id ): bool {
		try {
			Csrf_Token_View::findOne( self::token_match( $token, $client_id ) )->query()->query_one();
		} catch ( Query_Builder_Exception $exception ) {
			return false;
		}

		return true;
	}

	/**
	 * Remove the row for a (token, client_id) pair.
	 *
	 * @param string $token     Token to invalidate.
	 * @param string $client_id Fingerprint the token was stored under.
	 *
	 * @return int Whatever Csrf_Token_View::delete() returns, or 0 when it
	 *             throws Query_Builder_Exception.
	 */
	public static function delete( string $token, string $client_id ): int {
		try {
			return Csrf_Token_View::delete( self::token_match( $token, $client_id ) );
		} catch ( Query_Builder_Exception $exception ) {
			return 0;
		}
	}

	/**
	 * Build the WHERE map shared by verify() and delete().
	 *
	 * @param string $token
	 * @param string $client_id
	 *
	 * @return array<string, string>
	 */
	private static function token_match( string $token, string $client_id ): array {
		return array(
			'token'     => $token,
			'client_id' => $client_id,
		);
	}

	/**
	 * Generate a random hex token.
	 *
	 * @param int $bytes Number of random bytes; the result has 2 * $bytes hex
	 *                   characters.
	 *
	 * @return string Lower-case hex string built from random_bytes(). Only if
	 *                random_bytes() throws (no CSPRNG source available) does
	 *                this fall back to the time-based uniqid( wp_rand(), true ),
	 *                which is not cryptographically strong; treat that path as
	 *                a degraded mode, not a normal one.
	 */
	public static function generate( int $bytes = 16 ): string {
		try {
			$random = \random_bytes( $bytes );
		} catch ( \Exception $e ) {
			return uniqid( wp_rand(), true );
		}

		return \bin2hex( $random );
	}

	/**
	 * Derive the client fingerprint that tokens are keyed by.
	 *
	 * The digest is md5( user-agent . ip . suffix ) with no separator between
	 * the parts, so it identifies a (user-agent, IP, suffix) combination rather
	 * than a session or logged-in user; requests that share all three share a
	 * token.
	 *
	 * @param mixed $suffix Extra discriminator, e.g. the form id passed by
	 *                      get_field(); appended as a string.
	 *
	 * @return string 32-character hex digest.
	 */
	public static function client_id( $suffix = '' ): string {
		$fingerprint  = Http_Tools::get_user_agent();
		$fingerprint .= Http_Tools::get_ip_address();
		$fingerprint .= $suffix;

		return md5( $fingerprint );
	}
}