PluginProbe ʕ •ᴥ•ʔ
Jetpack – WP Security, Backup, Speed, & Growth / 11.3.4
Jetpack – WP Security, Backup, Speed, & Growth v11.3.4
15.9-a.7 15.9-a.5 15.9-a.3 15.9-a.1 15.8 15.8-beta 15.8-a.7 15.8-a.5 5.2.5 5.3.4 5.4.4 5.5.5 5.6.5 5.7.5 5.8.4 5.9.4 6.0.4 6.1 6.1.1 6.1.2 6.1.3 6.1.4 6.1.5 6.2 6.2.1 6.2.2 6.2.3 6.2.4 6.2.5 6.3 6.3.1 6.3.2 6.3.3 6.3.4 6.3.5 6.3.6 6.3.7 6.4 6.4.1 6.4.2 6.4.3 6.4.4 6.4.5 6.4.6 6.5 6.5.1 6.5.2 6.5.3 6.5.4 6.6 6.6.1 6.6.2 6.6.3 6.6.4 6.6.5 6.7 6.7.1 6.7.2 6.7.3 6.7.4 6.8 6.8.1 6.8.2 6.8.3 6.8.4 6.8.5 6.9 6.9.1 6.9.2 6.9.3 6.9.4 7.0 7.0.1 7.0.2 7.0.3 7.0.4 7.0.5 7.1 7.1.1 7.1.2 7.1.3 7.1.4 7.1.5 7.2 7.2.1 7.2.1.1 7.2.2 7.2.3 7.2.4 7.2.5 7.3 7.3.0.1 7.3.1 7.3.1.1 7.3.2 7.3.3 7.3.4 7.3.5 7.4 7.4.1 7.4.2 7.4.3 7.4.4 7.4.5 7.5 7.5.0.1 7.5.1 7.5.2 7.5.3 7.5.4 7.5.5 7.5.6 7.5.7 7.6 7.6.1 7.6.2 7.6.3 7.6.4 7.7 7.7.1 7.7.2 7.7.3 7.7.4 7.7.5 7.7.6 7.8 7.8.1 7.8.2 7.8.3 7.8.4 7.9 7.9.1 7.9.2 7.9.3 7.9.4 8.0 8.0.1 8.0.2 8.0.3 8.1 8.1.1 8.1.2 8.1.3 8.1.4 8.2 8.2.0.1 8.2.1 8.2.2 8.2.3 8.2.4 8.2.5 8.2.6 8.3 8.3.1 8.3.2 8.3.3 8.4 8.4.1 8.4.2 8.4.3 8.4.4 8.4.5 8.5 8.5.1 8.5.2 8.5.3 8.6 8.6.1 8.6.2 8.6.3 8.6.4 8.7 8.7.0.1 8.7.1 8.7.2 8.7.3 8.7.4 8.8 8.8.1 8.8.2 8.8.3 8.8.4 8.8.5 8.9 8.9.1 8.9.2 8.9.3 8.9.4 9.0 9.0.1 9.0.2 9.0.3 9.0.4 9.0.5 9.1 9.1.1 9.1.2 9.1.3 9.2 9.2.1 9.2.2 9.2.3 9.2.4 9.3 9.3.1 9.3.2 9.3.3 9.3.4 9.3.5 9.4 9.4.1 9.4.2 9.4.3 9.4.4 9.5 9.5.1 9.5.2 9.5.3 9.5.4 9.5.5 9.6 9.6.1 9.6.2 9.6.3 9.6.4 9.7 9.7.1 9.7.2 15.7-beta.2 9.7.3 15.7.1 9.8 15.8-a.1 9.8.1 15.8-a.3 9.8.2 2.0.9 9.8.3 2.1.7 9.9 2.2.10 9.9.1 2.3.10 9.9.2 2.4.7 9.9.3 2.5.5 2.6.6 2.7.5 2.8.5 2.9.6 3.0.6 3.1.5 3.2.5 3.3.6 3.4.6 3.5.6 3.6.4 3.7.5 3.8.5 3.9.10 4.0.7 4.1.4 4.2.5 4.3.5 4.4.5 4.5.3 4.6.3 4.7.4 4.8.5 4.9.3 5.0.3 5.1.4 trunk 10.0 10.0.1 10.0.2 10.1 10.1.1 10.1.2 10.2 10.2.1 10.2.2 10.2.3 10.3 10.3.1 10.3.2 10.4 10.4.1 10.4.2 10.5 10.5.1 10.5.2 10.5.3 10.6 10.6.1 10.6.2 10.7 10.7.1 10.7.2 10.8 10.8.1 10.8.2 10.9 10.9.1 10.9.2 10.9.3 11.0 11.0.1 11.0.2 11.1 11.1.1 11.1.2 11.1.3 11.1.4 11.2 11.2.1 11.2.2 11.3 11.3.1 11.3.2 11.3.3 11.3.4 11.4 11.4.1 11.4.2 11.5 11.5.1 11.5.2 11.5.3 11.6 11.6.1 11.6.2 11.7 11.7.1 11.7.2 11.7.3 11.8 11.8.3 11.8.4 11.8.5 11.8.6 11.9 11.9.1 11.9.2 11.9.3 12.0 12.0.1 12.0.2 12.1 12.1.1 12.1.2 12.2 12.2.1 12.2.2 12.3 12.3.1 12.4 12.4.1 12.5 12.5.1 12.6 12.6.1 12.6.2 12.6.3 12.7 12.7.1 12.7.2 12.8 12.8.1 12.8.2 12.9 12.9.1 12.9.2 12.9.3 12.9.4 13.0 13.0.1 13.1 13.1.1 13.1.2 13.1.3 13.1.4 13.2 13.2.1 13.2.2 13.2.3 13.3 13.3.1 13.3.2 13.4 13.4.1 13.4.2 13.4.3 13.4.4 13.5 13.5.1 13.6 13.6.1 13.7 13.7.1 13.8 13.8.1 13.8.2 13.9 13.9.1 14.0 14.1 14.2 14.2.1 14.3 14.4 14.4.1 14.5 14.6 14.7 14.8 14.9 14.9.1 15.0 15.0.1 15.0.2 15.1 15.1.1 15.2 15.3 15.3.1 15.4 15.5 15.6 15.7 15.7-a.1 15.7-a.3 15.7-a.5 15.7-a.7 15.7-beta
jetpack / class-jetpack-xmlrpc-methods.php
jetpack Last commit date
3rd-party 3 years ago _inc 3 years ago css 3 years ago extensions 3 years ago images 3 years ago jetpack_vendor 3 years ago json-endpoints 3 years ago modules 1 year ago sal 3 years ago src 4 years ago vendor 3 years ago views 4 years ago CHANGELOG.md 3 years ago LICENSE.txt 5 years ago SECURITY.md 5 years ago class-jetpack-connection-status.php 5 years ago class-jetpack-gallery-settings.php 4 years ago class-jetpack-pre-connection-jitms.php 4 years ago class-jetpack-recommendations-banner.php 3 years ago class-jetpack-stats-dashboard-widget.php 3 years ago class-jetpack-wizard-banner.php 5 years ago class-jetpack-xmlrpc-methods.php 4 years ago class.frame-nonce-preview.php 4 years ago class.jetpack-admin.php 3 years ago class.jetpack-affiliate.php 4 years ago class.jetpack-autoupdate.php 4 years ago class.jetpack-bbpress-json-api.compat.php 5 years ago class.jetpack-cli.php 3 years ago class.jetpack-client-server.php 4 years ago class.jetpack-connection-banner.php 3 years ago class.jetpack-data.php 5 years ago class.jetpack-gutenberg.php 3 years ago class.jetpack-heartbeat.php 4 years ago class.jetpack-idc.php 4 years ago class.jetpack-modules-list-table.php 3 years ago class.jetpack-network-sites-list-table.php 4 years ago class.jetpack-network.php 4 years ago class.jetpack-plan.php 3 years ago class.jetpack-post-images.php 3 years ago class.jetpack-twitter-cards.php 4 years ago class.jetpack-user-agent.php 4 years ago class.jetpack.php 3 years ago class.json-api-endpoints.php 3 years ago class.json-api.php 3 years ago class.photon.php 3 years ago composer.json 3 years ago enhanced-open-graph.php 4 years ago functions.compat.php 3 years ago functions.cookies.php 5 years ago functions.global.php 3 years ago functions.opengraph.php 4 years ago functions.photon.php 4 years ago jetpack.php 1 year ago json-api-config.php 5 years ago json-endpoints.php 4 years ago load-jetpack.php 3 years ago locales.php 4 years ago readme.txt 1 year ago require-lib.php 3 years ago uninstall.php 5 years ago wpml-config.xml 3 years ago
class-jetpack-xmlrpc-methods.php
271 lines
1 <?php
2 /**
3 * Jetpack XMLRPC Methods.
4 *
5 * Registers the Jetpack specific XMLRPC methods
6 *
7 * @package jetpack
8 */
9
10 use Automattic\Jetpack\Connection\Manager as Connection_Manager;
11 use Automattic\Jetpack\Connection\Tokens;
12
13 /**
14 * XMLRPC Methods registration and callbacks
15 */
16 class Jetpack_XMLRPC_Methods {
17
18 /**
19 * Initialize the main hooks.
20 */
21 public static function init() {
22 add_filter( 'jetpack_xmlrpc_unauthenticated_methods', array( __CLASS__, 'xmlrpc_methods' ) );
23 add_filter( 'jetpack_xmlrpc_test_connection_response', array( __CLASS__, 'test_connection' ) );
24 add_filter( 'jetpack_remote_xmlrpc_provision_response', array( __CLASS__, 'remote_provision_response' ), 10, 2 );
25 add_action( 'jetpack_xmlrpc_server_event', array( __CLASS__, 'jetpack_xmlrpc_server_event' ), 10, 4 );
26 add_action( 'jetpack_remote_connect_end', array( __CLASS__, 'remote_connect_end' ) );
27 add_filter( 'jetpack_xmlrpc_remote_register_redirect_uri', array( __CLASS__, 'remote_register_redirect_uri' ) );
28 }
29
30 /**
31 * Adds Jetpack specific methods to the methods added by the Connection package.
32 *
33 * @param array $methods Methods added by the Connection package.
34 */
35 public static function xmlrpc_methods( $methods ) {
36
37 $methods['jetpack.featuresAvailable'] = array( __CLASS__, 'features_available' );
38 $methods['jetpack.featuresEnabled'] = array( __CLASS__, 'features_enabled' );
39 $methods['jetpack.disconnectBlog'] = array( __CLASS__, 'disconnect_blog' );
40 $methods['jetpack.jsonAPI'] = array( __CLASS__, 'json_api' );
41
42 return $methods;
43 }
44
45 /**
46 * Returns what features are available. Uses the slug of the module files.
47 *
48 * @return array
49 */
50 public static function features_available() {
51 $raw_modules = Jetpack::get_available_modules();
52 $modules = array();
53 foreach ( $raw_modules as $module ) {
54 $modules[] = Jetpack::get_module_slug( $module );
55 }
56
57 return $modules;
58 }
59
60 /**
61 * Returns what features are enabled. Uses the slug of the modules files.
62 *
63 * @return array
64 */
65 public static function features_enabled() {
66 $raw_modules = Jetpack::get_active_modules();
67 $modules = array();
68 foreach ( $raw_modules as $module ) {
69 $modules[] = Jetpack::get_module_slug( $module );
70 }
71
72 return $modules;
73 }
74
75 /**
76 * Filters the result of test_connection XMLRPC method
77 *
78 * @return string The current Jetpack version number
79 */
80 public static function test_connection() {
81 return JETPACK__VERSION;
82 }
83
84 /**
85 * Disconnect this blog from the connected wordpress.com account
86 *
87 * @return boolean
88 */
89 public static function disconnect_blog() {
90
91 /**
92 * Fired when we want to log an event to the Jetpack event log.
93 *
94 * @since 7.7.0
95 *
96 * @param string $code Unique name for the event.
97 * @param string $data Optional data about the event.
98 */
99 do_action( 'jetpack_event_log', 'disconnect' );
100 ( new Connection_Manager( 'jetpack' ) )->disconnect_site();
101
102 return true;
103 }
104
105 /**
106 * Serve a JSON API request.
107 *
108 * @param array $args request arguments.
109 */
110 public static function json_api( $args = array() ) {
111 $json_api_args = $args[0];
112 $verify_api_user_args = $args[1];
113
114 $method = (string) $json_api_args[0];
115 $url = (string) $json_api_args[1];
116 $post_body = $json_api_args[2] === null ? null : (string) $json_api_args[2];
117 $user_details = (array) $json_api_args[4];
118 $locale = (string) $json_api_args[5];
119
120 if ( ! $verify_api_user_args ) {
121 $user_id = 0;
122 } elseif ( 'internal' === $verify_api_user_args[0] ) {
123 $user_id = (int) $verify_api_user_args[1];
124 if ( $user_id ) {
125 $user = get_user_by( 'id', $user_id );
126 if ( ! $user || is_wp_error( $user ) ) {
127 return false;
128 }
129 }
130 } else {
131 $user_id = call_user_func( array( new Jetpack_XMLRPC_Server(), 'test_api_user_code' ), $verify_api_user_args );
132 if ( ! $user_id ) {
133 return false;
134 }
135 }
136
137 if ( 'en' !== $locale ) {
138 // .org mo files are named slightly different from .com, and all we have is this the locale -- try to guess them.
139 $new_locale = $locale;
140 if ( strpos( $locale, '-' ) !== false ) {
141 $locale_pieces = explode( '-', $locale );
142 $new_locale = $locale_pieces[0];
143 $new_locale .= ( ! empty( $locale_pieces[1] ) ) ? '_' . strtoupper( $locale_pieces[1] ) : '';
144 } else {
145 // .com might pass 'fr' because thats what our language files are named as, where core seems
146 // to do fr_FR - so try that if we don't think we can load the file.
147 if ( ! file_exists( WP_LANG_DIR . '/' . $locale . '.mo' ) ) {
148 $new_locale = $locale . '_' . strtoupper( $locale );
149 }
150 }
151
152 if ( file_exists( WP_LANG_DIR . '/' . $new_locale . '.mo' ) ) {
153 unload_textdomain( 'default' );
154 load_textdomain( 'default', WP_LANG_DIR . '/' . $new_locale . '.mo' );
155 }
156 }
157
158 $old_user = wp_get_current_user();
159 wp_set_current_user( $user_id );
160
161 if ( $user_id ) {
162 $token_key = false;
163 } else {
164 $verified = ( new Connection_Manager() )->verify_xml_rpc_signature();
165 $token_key = $verified['token_key'];
166 }
167
168 $token = ( new Tokens() )->get_access_token( $user_id, $token_key );
169 if ( ! $token || is_wp_error( $token ) ) {
170 return false;
171 }
172
173 define( 'REST_API_REQUEST', true );
174 define( 'WPCOM_JSON_API__BASE', 'public-api.wordpress.com/rest/v1' );
175
176 // needed?
177 require_once ABSPATH . 'wp-admin/includes/admin.php';
178
179 require_once JETPACK__PLUGIN_DIR . 'class.json-api.php';
180 $api = WPCOM_JSON_API::init( $method, $url, $post_body );
181 $api->token_details['user'] = $user_details;
182 require_once JETPACK__PLUGIN_DIR . 'class.json-api-endpoints.php';
183
184 $display_errors = ini_set( 'display_errors', 0 ); // phpcs:ignore WordPress.PHP.IniSet
185 ob_start();
186 $api->serve( false );
187 $output = ob_get_clean();
188 ini_set( 'display_errors', $display_errors ); // phpcs:ignore WordPress.PHP.IniSet
189
190 $nonce = wp_generate_password( 10, false );
191 $hmac = hash_hmac( 'md5', $nonce . $output, $token->secret );
192
193 wp_set_current_user( isset( $old_user->ID ) ? $old_user->ID : 0 );
194
195 return array(
196 (string) $output,
197 (string) $nonce,
198 (string) $hmac,
199 );
200 }
201
202 /**
203 * Filters the response of the remote_provision XMLRPC method
204 *
205 * @param array $response The response.
206 * @param array $request An array containing at minimum a nonce key and a local_username key.
207 *
208 * @since 9.8.0
209 * @return array
210 */
211 public static function remote_provision_response( $response, $request ) {
212 if ( ! empty( $request['onboarding'] ) ) {
213 Jetpack::create_onboarding_token();
214 $response['onboarding_token'] = Jetpack_Options::get_option( 'onboarding' );
215 }
216 return $response;
217 }
218
219 /**
220 * Runs Jetpack specific action in xmlrpc server events
221 *
222 * @param String $action the action name, i.e., 'remote_authorize'.
223 * @param String $stage the execution stage, can be 'begin', 'success', 'error', etc.
224 * @param array $parameters extra parameters from the event.
225 * @param WP_User $user the acting user.
226 * @return void
227 */
228 public static function jetpack_xmlrpc_server_event( $action, $stage, $parameters = array(), $user = null ) { //phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable
229 if ( 'remote_register' === $action && 'begin' === $stage ) {
230 Jetpack::maybe_set_version_option();
231 }
232 }
233
234 /**
235 * Hooks into the remote_connect XMLRPC endpoint and triggers Jetpack::handle_post_authorization_actions
236 *
237 * @since 9.8.0
238 * @return void
239 */
240 public static function remote_connect_end() {
241 /** This filter is documented in class.jetpack-cli.php */
242 $enable_sso = apply_filters( 'jetpack_start_enable_sso', true );
243 Jetpack::handle_post_authorization_actions( $enable_sso, false, false );
244 }
245
246 /**
247 * Filters the Redirect URI returned by the remote_register XMLRPC method
248 *
249 * @since 9.8.0
250 *
251 * @param string $redirect_uri The Redirect URI.
252 * @return string
253 */
254 public static function remote_register_redirect_uri( $redirect_uri ) {
255 $auto_enable_sso = ( ! ( new Connection_Manager() )->has_connected_owner() || Jetpack::is_module_active( 'sso' ) );
256
257 /** This filter is documented in class.jetpack-cli.php */
258 if ( apply_filters( 'jetpack_start_enable_sso', $auto_enable_sso ) ) {
259 $redirect_uri = add_query_arg(
260 array(
261 'action' => 'jetpack-sso',
262 'redirect_to' => rawurlencode( admin_url() ),
263 ),
264 wp_login_url() // TODO: come back to Jetpack dashboard?
265 );
266 }
267
268 return $redirect_uri;
269 }
270 }
271