Jetpack – WP Security, Backup, Speed, & Growth v4.6.3
jetpack / class.jetpack-client-server.php
class.jetpack-client-server.php
284 lines
1 <?php
2
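/**
 * Client = Plugin
 * Client Server = API Methods the Plugin must respond to
 *
 * Handles the return leg of the authorization flow: the browser comes back
 * with `code` and `state` query arguments, the code is exchanged for a user
 * token at the `token` API endpoint, and the token is stored for the current
 * user.
 */
class Jetpack_Client_Server {

	/**
	 * Authorizations
	 *
	 * Entry point for the browser redirect back to the site. Verifies the
	 * nonce, runs authorize() on the query arguments, redirects, and exits.
	 */
	function client_authorize() {
		$data              = stripslashes_deep( $_GET );
		$data['auth_type'] = 'client';
		$role              = Jetpack::translate_current_user_to_role();
		$redirect          = isset( $data['redirect'] ) ? esc_url_raw( (string) $data['redirect'] ) : '';

		// The nonce action embeds the role and the redirect target; get_token()
		// builds the same action string when it mints the nonce, so a nonce
		// issued for one redirect does not verify for another.
		$this->check_admin_referer( "jetpack-authorize_{$role}_{$redirect}" );

		$result = $this->authorize( $data );
		if ( is_wp_error( $result ) ) {
			Jetpack::state( 'error', $result->get_error_code() );
		}

		// `redirect` comes from the query string: only follow it when core
		// accepts it as a safe destination, otherwise fall back to the admin page.
		if ( wp_validate_redirect( $redirect ) ) {
			$this->wp_safe_redirect( $redirect );
		} else {
			$this->wp_safe_redirect( Jetpack::admin_url() );
		}

		// NOTE(review): this hook also runs when authorize() returned an error
		// above; listeners that need a successful authorization should confirm
		// the connection state themselves.
		/**
		 * Fires after the Jetpack client is authorized to communicate with WordPress.com.
		 *
		 * @since 4.2.0
		 *
		 * @param int Jetpack Blog ID.
		 */
		do_action( 'jetpack_client_authorized', Jetpack_Options::get_option( 'id' ) );

		$this->do_exit();
	}

	/**
	 * Validates an authorization response and stores the resulting user token.
	 *
	 * @param array $data Request data. Reads `redirect`, `error`, `state`,
	 *                    `code` and `auth_type`; passed on to get_token().
	 * @return string|Jetpack_Error 'linked' when an additional user was
	 *                    connected, 'authorized' for a fresh site connection,
	 *                    or an error object describing the failed check.
	 */
	function authorize( $data = array() ) {
		$redirect = isset( $data['redirect'] ) ? esc_url_raw( (string) $data['redirect'] ) : '';

		// NOTE(review): the connection counter below is updated before any of
		// the request checks, so rejected requests are counted as well.
		$jetpack_unique_connection = Jetpack_Options::get_option( 'unique_connection' );
		// Checking if site has been active/connected previously before recording unique connection
		if ( ! $jetpack_unique_connection ) {
			// jetpack_unique_connection option has never been set
			$jetpack_unique_connection = array(
				'connected'    => 0,
				'disconnected' => 0,
				'version'      => '3.6.1',
			);

			update_option( 'jetpack_unique_connection', $jetpack_unique_connection );

			// track unique connection
			$jetpack = $this->get_jetpack();

			$jetpack->stat( 'connections', 'unique-connection' );
			$jetpack->do_stats( 'server_side' );
		}

		// increment number of times connected
		$jetpack_unique_connection['connected'] += 1;
		Jetpack_Options::update_option( 'unique_connection', $jetpack_unique_connection );

		$role = Jetpack::translate_current_user_to_role();

		if ( ! $role ) {
			return new Jetpack_Error( 'no_role', 'Invalid request.', 400 );
		}

		$cap = Jetpack::translate_role_to_cap( $role );
		if ( ! $cap ) {
			return new Jetpack_Error( 'no_cap', 'Invalid request.', 400 );
		}

		// NOTE(review): the error code here is taken from the request and is
		// handed to Jetpack::state() by client_authorize(); confirm that
		// whatever renders that state escapes it.
		if ( ! empty( $data['error'] ) ) {
			return new Jetpack_Error( $data['error'], 'Error included in the request.', 400 );
		}

		if ( ! isset( $data['state'] ) ) {
			return new Jetpack_Error( 'no_state', 'Request must include state.', 400 );
		}

		// `state` must be a plain digit string. The previous code reused
		// $data['error'] as the error code here, which is always empty at this
		// point (non-empty values returned above), so the failure carried no code.
		if ( ! ctype_digit( $data['state'] ) ) {
			return new Jetpack_Error( 'invalid_state', 'State must be an integer.', 400 );
		}

		// `state` has to name the user who is logged in right now; this ties
		// the response to the session that receives it. Loose comparison is
		// deliberate: `state` is a digit string, the user ID an integer.
		$current_user_id = get_current_user_id();
		if ( $current_user_id != $data['state'] ) {
			return new Jetpack_Error( 'wrong_state', 'State does not match current user.', 400 );
		}

		if ( empty( $data['code'] ) ) {
			return new Jetpack_Error( 'no_code', 'Request must include an authorization code.', 400 );
		}

		$token = $this->get_token( $data );

		if ( is_wp_error( $token ) ) {
			$code = $token->get_error_code();
			if ( empty( $code ) ) {
				$code = 'invalid_token';
			}
			return new Jetpack_Error( $code, $token->get_error_message(), 400 );
		}

		if ( ! $token ) {
			return new Jetpack_Error( 'no_token', 'Error generating token.', 400 );
		}

		// The first user to connect while Jetpack is not yet active becomes the master user.
		$is_master_user = ! Jetpack::is_active();

		// Stored token format is "<token>.<user id>".
		Jetpack::update_user_token( $current_user_id, sprintf( '%s.%d', $token, $current_user_id ), $is_master_user );

		if ( ! $is_master_user ) {
			Jetpack::state( 'message', 'linked' );
			// Don't activate anything since we are just connecting a user.
			return 'linked';
		}

		// Callers other than client_authorize() may omit auth_type; treat that as "not client".
		$auth_type                    = isset( $data['auth_type'] ) ? $data['auth_type'] : '';
		$redirect_on_activation_error = ( 'client' === $auth_type );

		$active_modules = Jetpack_Options::get_option( 'active_modules' );
		if ( $active_modules ) {
			Jetpack::delete_active_modules();

			Jetpack::activate_default_modules( 999, 1, $active_modules, $redirect_on_activation_error );
		} else {
			Jetpack::activate_default_modules( false, false, array(), $redirect_on_activation_error );
		}

		// Since this is a fresh connection, be sure to clear out IDC options
		Jetpack_IDC::clear_all_idc_options();

		// Start nonce cleaner
		wp_clear_scheduled_hook( 'jetpack_clean_nonces' );
		wp_schedule_event( time(), 'hourly', 'jetpack_clean_nonces' );

		Jetpack::state( 'message', 'authorized' );
		return 'authorized';
	}

	/**
	 * Deactivates a plugin, located by file path or, failing that, by name.
	 *
	 * @param string $probable_file  Plugin file, relative to the plugins directory.
	 * @param string $probable_title Plugin name to search for among the active
	 *                               plugins when the file is not active.
	 * @return int 1 when a plugin was deactivated, 0 otherwise.
	 */
	public static function deactivate_plugin( $probable_file, $probable_title ) {
		include_once( ABSPATH . 'wp-admin/includes/plugin.php' );

		if ( is_plugin_active( $probable_file ) ) {
			deactivate_plugins( $probable_file );
			return 1;
		}

		// If the plugin is not in the usual place, try looking through all active plugins.
		foreach ( Jetpack::get_active_plugins() as $plugin ) {
			$plugin_data = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin );
			if ( $plugin_data['Name'] == $probable_title ) {
				deactivate_plugins( $plugin );
				return 1;
			}
		}

		return 0;
	}

	/**
	 * Exchanges the authorization code for an access token.
	 *
	 * Posts `code`, the site's client ID and its secret to the `token` API
	 * endpoint and checks every field of the JSON response before returning
	 * the token.
	 *
	 * @param array $data Request data. Reads `code`, `redirect`, `auth_type`
	 *                    and, for the 'calypso' auth type, `redirect_uri`.
	 * @return string|Jetpack_Error The access token, or an error object.
	 */
	function get_token( $data ) {
		$role = Jetpack::translate_current_user_to_role();

		if ( ! $role ) {
			return new Jetpack_Error( 'role', __( 'An administrator for this blog must set up the Jetpack connection.', 'jetpack' ) );
		}

		$client_secret = Jetpack_Data::get_access_token();
		if ( ! $client_secret ) {
			return new Jetpack_Error( 'client_secret', __( 'You need to register your Jetpack before connecting it.', 'jetpack' ) );
		}

		$redirect  = isset( $data['redirect'] ) ? esc_url_raw( (string) $data['redirect'] ) : '';
		$auth_type = isset( $data['auth_type'] ) ? $data['auth_type'] : '';

		if ( 'calypso' === $auth_type ) {
			$redirect_uri = isset( $data['redirect_uri'] ) ? $data['redirect_uri'] : '';
		} else {
			// Rebuilds the URL the browser was sent back to; the nonce action
			// matches the one client_authorize() verifies.
			$redirect_uri = add_query_arg(
				array(
					'action'   => 'authorize',
					'_wpnonce' => wp_create_nonce( "jetpack-authorize_{$role}_{$redirect}" ),
					'redirect' => $redirect ? urlencode( $redirect ) : false,
				),
				menu_page_url( 'jetpack', false )
			);
		}

		$body = array(
			'client_id'     => Jetpack_Options::get_option( 'id' ),
			'client_secret' => $client_secret->secret,
			'grant_type'    => 'authorization_code',
			'code'          => $data['code'],
			'redirect_uri'  => $redirect_uri,
		);

		$args = array(
			'method'  => 'POST',
			'body'    => $body,
			'headers' => array(
				'Accept' => 'application/json',
			),
		);

		$response = Jetpack_Client::_wp_remote_request( Jetpack::fix_url_for_bad_hosts( Jetpack::api_url( 'token' ) ), $args );

		if ( is_wp_error( $response ) ) {
			return new Jetpack_Error( 'token_http_request_failed', $response->get_error_message() );
		}

		$code   = wp_remote_retrieve_response_code( $response );
		$entity = wp_remote_retrieve_body( $response );
		$json   = $entity ? json_decode( $entity ) : false;

		if ( 200 != $code || ! empty( $json->error ) ) {
			if ( empty( $json->error ) ) {
				return new Jetpack_Error( 'unknown', '', $code );
			}

			$error_description = isset( $json->error_description ) ? sprintf( __( 'Error Details: %s', 'jetpack' ), (string) $json->error_description ) : '';

			return new Jetpack_Error( (string) $json->error, $error_description, $code );
		}

		// Everything below treats the response body as untrusted: each field
		// is type-checked before it is passed to a string function.
		if ( empty( $json->access_token ) || ! is_scalar( $json->access_token ) ) {
			return new Jetpack_Error( 'access_token', '', $code );
		}

		if ( empty( $json->token_type ) || ! is_string( $json->token_type ) || 'X_JETPACK' !== strtoupper( $json->token_type ) ) {
			return new Jetpack_Error( 'token_type', '', $code );
		}

		if ( empty( $json->scope ) ) {
			return new Jetpack_Error( 'scope', 'No Scope', $code );
		}

		if ( ! is_string( $json->scope ) ) {
			return new Jetpack_Error( 'scope', 'Malformed Scope', $code );
		}

		// Scope has the form "<role>:<hmac>". Padding replaces the former
		// @list() error suppression when the separator is missing.
		list( $scope_role, $hmac ) = array_pad( explode( ':', $json->scope ), 2, '' );
		if ( empty( $scope_role ) || empty( $hmac ) ) {
			return new Jetpack_Error( 'scope', 'Malformed Scope', $code );
		}

		// Re-sign the role locally and require the result to equal the scope
		// that was returned. hash_equals() keeps the comparison constant-time;
		// the is_string() guard covers a non-string result from sign_role(),
		// which is defined outside this file.
		$expected_scope = Jetpack::sign_role( $scope_role );
		if ( ! is_string( $expected_scope ) || ! hash_equals( $expected_scope, $json->scope ) ) {
			return new Jetpack_Error( 'scope', 'Invalid Scope', $code );
		}

		$cap = Jetpack::translate_role_to_cap( $scope_role );
		if ( ! $cap ) {
			return new Jetpack_Error( 'scope', 'No Cap', $code );
		}

		// The granted role must not exceed what the current user may do on this site.
		if ( ! current_user_can( $cap ) ) {
			return new Jetpack_Error( 'scope', 'current_user_cannot', $code );
		}

		/**
		 * Fires after user has successfully received an auth token.
		 *
		 * @since 3.9.0
		 */
		do_action( 'jetpack_user_authorized' );

		return (string) $json->access_token;
	}

	/**
	 * Returns the Jetpack instance from Jetpack::init().
	 *
	 * @return Jetpack
	 */
	public function get_jetpack() {
		return Jetpack::init();
	}

	/**
	 * Instance wrapper around check_admin_referer().
	 *
	 * @param string $action Nonce action to verify.
	 * @return mixed Whatever check_admin_referer() returns.
	 */
	public function check_admin_referer( $action ) {
		return check_admin_referer( $action );
	}

	/**
	 * Instance wrapper around wp_safe_redirect().
	 *
	 * @param string $redirect Destination URL.
	 * @return mixed Whatever wp_safe_redirect() returns.
	 */
	public function wp_safe_redirect( $redirect ) {
		return wp_safe_redirect( $redirect );
	}

	/**
	 * Ends the request. Kept as a method rather than an inline `exit`.
	 */
	public function do_exit() {
		exit;
	}
}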
284