PluginProbe ʕ •ᴥ•ʔ
Jetpack – WP Security, Backup, Speed, & Growth / 13.3.2
class.frame-nonce-preview.php
134 lines
<?php // phpcs:ignore WordPress.Files.FileName.InvalidClassFileName
/**
 * Allows viewing posts on the frontend when the user is not logged in.
 *
 * @package automattic/jetpack
 */

// phpcs:disable WordPress.Security.NonceVerification.Recommended -- This is _implementing_ cross-site nonce handling, no need for WordPress's nonces.

/**
 * Allows viewing posts on the frontend when the user is not logged in.
 */
class Jetpack_Frame_Nonce_Preview {
	/**
	 * Static instance.
	 *
	 * @todo This should be private.
	 * @var self
	 */
	public static $instance = null;

	/**
	 * Returns the single instance of the Jetpack_Frame_Nonce_Preview object
	 *
	 * @since 4.3.0
	 *
	 * @return Jetpack_Frame_Nonce_Preview
	 **/
	public static function get_instance() {
		if ( null === self::$instance ) {
			self::$instance = new Jetpack_Frame_Nonce_Preview();
		}

		return self::$instance;
	}

	/**
	 * Constructor.
	 *
	 * @todo This should be private.
	 */
	public function __construct() {
		if ( isset( $_GET['frame-nonce'] ) && ! is_admin() ) {
			add_filter( 'pre_get_posts', array( $this, 'maybe_display_post' ) );
		}

		// autosave previews are validated differently.
		if ( isset( $_GET['frame-nonce'] ) && isset( $_GET['preview_id'] ) && isset( $_GET['preview_nonce'] ) ) {
			remove_action( 'init', '_show_post_preview' );
			add_action( 'init', array( $this, 'handle_autosave_nonce_validation' ) );
		}
	}

	/**
	 * Verify that frame nonce exists, and if so, validate the nonce by calling WP.com.
	 *
	 * @since 4.3.0
	 *
	 * @return bool
	 */
	public function is_frame_nonce_valid() {
		if ( empty( $_GET['frame-nonce'] ) ) {
			return false;
		}

		$xml = new Jetpack_IXR_Client();
		$xml->query( 'jetpack.verifyFrameNonce', sanitize_key( $_GET['frame-nonce'] ) );

		if ( $xml->isError() ) {
			return false;
		}

		return (bool) $xml->getResponse();
	}

	/**
	 * Conditionally add a hook on posts_results if this is the main query, a preview, and singular.
	 *
	 * @since 4.3.0
	 *
	 * @param WP_Query $query Query.
	 * @return WP_Query
	 */
	public function maybe_display_post( $query ) {
		if (
			$query->is_main_query() &&
			$query->is_preview() &&
			$query->is_singular()
		) {
			add_filter( 'posts_results', array( $this, 'set_post_to_publish' ), 10, 2 );
		}

		return $query;
	}

	/**
	 * Conditionally set the first post to 'publish' if the frame nonce is valid and there is a post.
	 *
	 * @since 4.3.0
	 *
	 * @param array $posts Posts.
	 * @return array
	 */
	public function set_post_to_publish( $posts ) {
		remove_filter( 'posts_results', array( $this, 'set_post_to_publish' ), 10, 2 );

		if ( empty( $posts ) || is_user_logged_in() || ! $this->is_frame_nonce_valid() ) {
			return $posts;
		}

		$posts[0]->post_status = 'publish';

		// Disable comments and pings for this post.
		add_filter( 'comments_open', '__return_false' );
		add_filter( 'pings_open', '__return_false' );

		return $posts;
	}

	/**
	 * Handle validation for autosave preview request
	 *
	 * @since 4.7.0
	 */
	public function handle_autosave_nonce_validation() {
		if ( ! $this->is_frame_nonce_valid() ) {
			wp_die( esc_html__( 'Sorry, you are not allowed to preview drafts.', 'jetpack' ) );
		}
		add_filter( 'the_preview', '_set_preview' );
	}
}

Jetpack_Frame_Nonce_Preview::get_instance();
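The class above only exposes a draft to an anonymous visitor when WP.com confirms the frame nonce, the visitor is not logged in, and the query actually returned a post; any other combination leaves the post status untouched, and the autosave path aborts the request instead. The following stand-alone PHP CLI harness is an added example, not part of Jetpack or of this file: it stubs the handful of WordPress functions and the Jetpack_IXR_Client class that the file depends on, loads the class, and exercises each of those gating conditions. It assumes the Jetpack file sits beside the script as class.frame-nonce-preview.php; the nonce value wpcom_valid_nonce, the stub functions and the sample draft post are constructed for the demonstration.

```php
<?php
// Added example (not Jetpack code): stand-alone harness for the preview gate in
// class.frame-nonce-preview.php. Assumes that file is in the same directory.

// --- Constructed stand-ins for the WordPress API the class calls ---
$GLOBALS['stub_logged_in'] = false;
$GLOBALS['stub_filters']   = array();

function is_admin() { return false; }
function is_user_logged_in() { return $GLOBALS['stub_logged_in']; }
function add_filter( $hook, $cb, $priority = 10, $args = 1 ) { $GLOBALS['stub_filters'][ $hook ] = $cb; }
function remove_filter( $hook, $cb, $priority = 10, $args = 1 ) { unset( $GLOBALS['stub_filters'][ $hook ] ); }
function add_action( $hook, $cb, $priority = 10, $args = 1 ) { add_filter( $hook, $cb, $priority, $args ); }
function remove_action( $hook, $cb, $priority = 10 ) { remove_filter( $hook, $cb, $priority ); }
function sanitize_key( $key ) { return preg_replace( '/[^a-z0-9_\-]/', '', strtolower( (string) $key ) ); }
function esc_html__( $text, $domain = null ) { return htmlspecialchars( $text, ENT_QUOTES ); }
function wp_die( $msg ) { throw new RuntimeException( $msg ); } // let the harness observe the abort
function __return_false() { return false; }

// Constructed stand-in for Jetpack_IXR_Client: plays the WP.com side of
// jetpack.verifyFrameNonce and accepts exactly one nonce value.
class Jetpack_IXR_Client {
	private $ok = false;
	public function query( $method, $nonce ) { $this->ok = ( 'wpcom_valid_nonce' === $nonce ); }
	public function isError() { return false; }
	public function getResponse() { return $this->ok; }
}

require __DIR__ . '/class.frame-nonce-preview.php';

// Run set_post_to_publish() for one scenario and return the resulting post status.
function preview_status( $nonce, $logged_in ) {
	$_GET['frame-nonce']       = $nonce;
	$GLOBALS['stub_logged_in'] = $logged_in;
	$post  = (object) array( 'ID' => 1, 'post_status' => 'draft' ); // constructed draft post
	$posts = Jetpack_Frame_Nonce_Preview::get_instance()->set_post_to_publish( array( $post ) );
	return $posts[0]->post_status;
}

$cases = array(
	// label                        nonce                 logged-in  expected status
	array( 'valid nonce, anonymous', 'wpcom_valid_nonce', false,     'publish' ),
	array( 'bad nonce, anonymous',   'forged_nonce',      false,     'draft' ),
	array( 'missing nonce',          '',                  false,     'draft' ),
	array( 'valid nonce, logged in', 'wpcom_valid_nonce', true,      'draft' ),
);
foreach ( $cases as list( $label, $nonce, $logged_in, $expected ) ) {
	$got = preview_status( $nonce, $logged_in );
	printf( "%-26s -> %-8s %s\n", $label, $got, $got === $expected ? 'OK' : 'MISMATCH' );
}

// Autosave path: an invalid nonce must stop the request (wp_die) rather than fall through.
$_GET['frame-nonce'] = 'forged_nonce';
try {
	Jetpack_Frame_Nonce_Preview::get_instance()->handle_autosave_nonce_validation();
	echo "autosave gate              -> NOT BLOCKED (unexpected)\n";
} catch ( RuntimeException $e ) {
	echo "autosave gate              -> blocked: " . $e->getMessage() . "\n";
}
```

Run it with `php harness.php` from the directory holding the Jetpack file. The "valid nonce, logged in" row is the one worth noticing: the class deliberately does nothing for authenticated users, because WordPress's own capability checks already govern what they may preview; the frame nonce only substitutes for a login when there is none.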