<?php // phpcs:ignore WordPress.Files.FileName.InvalidClassFileName
/**
 * Allows viewing unpublished posts (previews) on the frontend when the user is not
 * logged in, gated by a frame nonce that is verified remotely by WP.com.
 *
 * @package automattic/jetpack
 */

// phpcs:disable WordPress.Security.NonceVerification.Recommended -- This is _implementing_ cross-site nonce handling, no need for WordPress's nonces.

/**
 * Allows viewing unpublished posts on the frontend when the user is not logged in.
 */
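class Jetpack_Frame_Nonce_Preview {
	/**
	 * Static instance.
	 *
	 * @todo This should be private.
	 * @var self
	 */
	public static $instance = null;

	/**
	 * Per-request cache of remote frame-nonce verifications, keyed by the
	 * sanitized nonce. Only definitive answers from WP.com are stored;
	 * transport errors are not, so a later check in the same request retries.
	 *
	 * @var array<string, bool>
	 */
	private $verified_nonces = array();

	/**
	 * Returns the single instance of the Jetpack_Frame_Nonce_Preview object.
	 *
	 * @since 4.3.0
	 *
	 * @return Jetpack_Frame_Nonce_Preview
	 */
	public static function get_instance() {
		if ( null === self::$instance ) {
			self::$instance = new Jetpack_Frame_Nonce_Preview();
		}

		return self::$instance;
	}

	/**
	 * Constructor. Registers the hooks that let a `frame-nonce` request view an
	 * unpublished post. Everything here is keyed off raw `$_GET` parameters; the
	 * nonce itself is only verified later, inside is_frame_nonce_valid().
	 *
	 * @todo This should be private.
	 */
	public function __construct() {
		// Frontend only: wp-admin keeps WordPress's own capability/nonce checks.
		if ( isset( $_GET['frame-nonce'] ) && ! is_admin() ) {
			add_filter( 'pre_get_posts', array( $this, 'maybe_display_post' ) );
		}

		// Autosave previews are validated differently: core's _show_post_preview()
		// is unhooked and replaced, so WordPress's own `preview_nonce` verification
		// does not run for this request and the WP.com frame nonce is the only gate.
		// NOTE(review): this branch has no is_user_logged_in() check, so the core
		// handler is also unhooked for logged-in viewers that send a frame-nonce.
		if ( isset( $_GET['frame-nonce'] ) && isset( $_GET['preview_id'] ) && isset( $_GET['preview_nonce'] ) ) {
			remove_action( 'init', '_show_post_preview' );
			add_action( 'init', array( $this, 'handle_autosave_nonce_validation' ) );
		}
	}

	/**
	 * Verify that a frame nonce exists and, if so, validate it by calling WP.com.
	 *
	 * The nonce is opaque to this site: it is sanitized and forwarded to the
	 * `jetpack.verifyFrameNonce` XML-RPC method and the boolean answer is taken
	 * as-is. Whether WP.com binds the nonce to this blog or to a particular post
	 * is not visible here, so callers must not assume a per-post binding.
	 *
	 * Results are memoized per request so that the `init` autosave handler and
	 * the `posts_results` filter do not each make a remote round trip.
	 *
	 * @since 4.3.0
	 *
	 * @return bool True only when WP.com confirms the nonce. A missing or empty
	 *              nonce, an XML-RPC transport error and a negative answer all
	 *              yield false (fail closed).
	 */
	public function is_frame_nonce_valid() {
		if ( empty( $_GET['frame-nonce'] ) ) {
			return false;
		}

		// sanitize_key() lowercases and strips everything outside [a-z0-9_-], so
		// only a constrained token ever leaves this site.
		$nonce = sanitize_key( $_GET['frame-nonce'] );
		if ( '' === $nonce ) {
			// Nothing survived sanitization (e.g. a non-scalar value); no point asking WP.com.
			return false;
		}

		if ( isset( $this->verified_nonces[ $nonce ] ) ) {
			return $this->verified_nonces[ $nonce ];
		}

		$xml = new Jetpack_IXR_Client();
		$xml->query( 'jetpack.verifyFrameNonce', $nonce );

		// Fail closed on transport/XML-RPC errors; deliberately not cached so a
		// second check in the same request can retry.
		if ( $xml->isError() ) {
			return false;
		}

		$this->verified_nonces[ $nonce ] = (bool) $xml->getResponse();

		return $this->verified_nonces[ $nonce ];
	}

	/**
	 * Conditionally add a hook on posts_results if this is the main query, a preview, and singular.
	 *
	 * Nothing is verified at this point; the filter attached here does the
	 * remote nonce check when the query results are available.
	 *
	 * @since 4.3.0
	 *
	 * @param WP_Query $query Query.
	 * @return WP_Query The query, unchanged.
	 */
	public function maybe_display_post( $query ) {
		if (
			$query->is_main_query() &&
			$query->is_preview() &&
			$query->is_singular()
		) {
			add_filter( 'posts_results', array( $this, 'set_post_to_publish' ), 10, 2 );
		}

		return $query;
	}

	/**
	 * Conditionally set the first post to 'publish' if the frame nonce is valid and there is a post.
	 *
	 * Runs once (it unhooks itself first). The status override is in-memory only:
	 * it makes WordPress render the post for this request and does not touch the
	 * database. Logged-in users are skipped and left to WordPress's normal
	 * preview handling.
	 *
	 * @since 4.3.0
	 *
	 * @param array $posts Posts returned by the main query.
	 * @return array The same array, with `$posts[0]->post_status` forced to
	 *               'publish' when the nonce validates.
	 */
	public function set_post_to_publish( $posts ) {
		// One-shot: detach before doing anything so later queries are untouched.
		remove_filter( 'posts_results', array( $this, 'set_post_to_publish' ), 10 );

		// Order matters: is_user_logged_in() is evaluated before the remote call,
		// so logged-in requests never trigger a round trip to WP.com.
		if ( empty( $posts ) || is_user_logged_in() || ! $this->is_frame_nonce_valid() ) {
			return $posts;
		}

		$posts[0]->post_status = 'publish';

		// A nonce holder may read the preview but must not be able to comment on or ping it.
		add_filter( 'comments_open', '__return_false' );
		add_filter( 'pings_open', '__return_false' );

		return $posts;
	}

	/**
	 * Handle validation for an autosave preview request.
	 *
	 * Stands in for core's `_show_post_preview` on `init` (see the constructor):
	 * if the frame nonce does not validate the request is terminated, otherwise
	 * core's `_set_preview` filter is attached so the autosave content is rendered.
	 *
	 * @since 4.7.0
	 */
	public function handle_autosave_nonce_validation() {
		if ( ! $this->is_frame_nonce_valid() ) {
			// 403 rather than wp_die()'s default 500: this is an authorization failure.
			wp_die( esc_html__( 'Sorry, you are not allowed to preview drafts.', 'jetpack' ), 403 );
		}
		add_filter( 'the_preview', '_set_preview' );
	}
}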
// Instantiated at load time: the constructor inspects $_GET and registers hooks
// immediately, so simply including this file has this side effect.
Jetpack_Frame_Nonce_Preview::get_instance();