PluginProbe ʕ •ᴥ•ʔ
WooCommerce / 10.9.3
WooCommerce v10.9.3
10.9.4 10.9.3 10.9.2 10.9.1 10.9.0 10.9.0-rc.1 10.9.0-beta.2 10.9.0-beta.1 10.8.1 10.8.0 10.8.0-rc.1 10.8.0-beta.2 10.8.0-beta.1 7.8.0-beta.1 7.8.0-beta.2 7.8.0-rc.1 7.8.0-rc.2 7.8.1 7.8.2 7.8.3 7.8.4 7.9.0 7.9.0-beta.1 7.9.0-beta.2 7.9.0-rc.2 7.9.0-rc.3 7.9.1 7.9.2 8.0.0 8.0.0-beta.1 8.0.0-beta.2 8.0.0-rc.1 8.0.0-rc.2 8.0.1 8.0.2 8.0.3 8.0.4 8.0.5 8.1.0 8.1.0-beta.1 8.1.0-rc.1 8.1.0-rc.2 8.1.1 8.1.2 8.1.3 8.1.4 8.2.0 8.2.0-beta.1 8.2.0-rc.1 8.2.0-rc.2 8.2.1 8.2.2 8.2.3 8.2.4 8.2.5 8.3.0 8.3.0-beta.1 8.3.0-rc.1 8.3.0-rc.2 8.3.1 8.3.2 8.3.3 8.3.4 8.4.0 8.4.0-beta.1 8.4.0-rc.1 8.4.1 8.4.2 8.4.3 8.5.0 8.5.0-beta.1 8.5.0-rc.1 8.5.1 8.5.2 8.5.3 8.5.4 8.5.5 8.6.0 8.6.0-beta.1 8.6.0-rc.1 8.6.1 8.6.2 8.6.3 8.6.4 8.7.0 8.7.0-beta.1 8.7.0-beta.2 8.7.0-rc.1 8.7.1 8.7.2 8.7.3 8.8.0 8.8.0-beta.1 8.8.0-rc.1 8.8.1 8.8.2 8.8.3 8.8.4 8.8.5 8.8.6 8.8.7 8.9.0 8.9.0-beta.1 8.9.0-rc.1 8.9.1 8.9.2 8.9.3 8.9.4 8.9.5 9.0.0 9.0.0-beta.1 9.0.0-beta.2 9.0.0-rc.1 9.0.1 9.0.2 9.0.3 9.0.4 9.1.0 9.1.0-beta.1 9.1.0-rc.1 9.1.1 9.1.2 9.1.3 9.1.4 9.1.5 9.1.6 9.2.0 9.2.0-beta.1 9.2.0-rc.1 9.2.1 9.2.2 9.2.3 9.2.4 9.2.5 9.3.0 9.3.0-beta.1 9.3.0-rc.1 9.3.1 9.3.2 9.3.3 9.3.4 9.3.5 9.3.6 9.4.0 9.4.0-beta.1 9.4.0-beta.2 9.4.0-rc.1 9.4.0-rc.2 9.4.0-rc.3 9.4.0-rc.4 9.4.1 9.4.2 9.4.3 9.4.4 9.4.5 9.5.0 9.5.0-beta.1 9.5.0-beta.2 9.5.0-rc.1 9.5.1 9.5.2 9.5.3 9.5.4 9.6.0 9.6.0-beta.1 9.6.0-beta.2 9.6.0-rc.1 9.6.1 9.6.2 9.6.3 9.6.4 9.7.0 9.7.0-beta.1 9.7.0-rc.1 9.7.1 9.7.2 9.7.3 9.8.0 9.8.0-beta.1 9.8.0-rc.1 9.8.1 9.8.2 9.8.3 9.8.4 9.8.5 9.8.6 9.8.7 9.9.0 9.9.0-beta.1 9.9.0-rc.1 9.9.1 9.9.2 9.9.3 9.9.4 9.9.5 9.9.6 9.9.7 3.7.3 7.1.2 3.8.0 7.2.0 3.8.0-beta.1 7.2.0-beta.1 3.8.0-rc.1 7.2.0-beta.2 3.8.0-rc.2 7.2.0-rc.1 3.8.1 7.2.0-rc.2 3.8.2 7.2.1 3.8.3 7.2.2 3.9.0 7.2.3 3.9.0-beta.1 7.2.4 3.9.0-beta.2 7.3.0 3.9.0-rc.1 7.3.0-beta.1 3.9.0-rc.2 7.3.0-beta.2 3.9.0-rc.3 7.3.0-rc.1 3.9.0-rc.4 7.3.0-rc.2 3.9.1 7.3.1 3.9.2 7.4.0 3.9.3 7.4.0-beta.1 3.9.4 7.4.0-beta.2 3.9.5 7.4.0-rc.1 4.0.0 7.4.0-rc.2 4.0.0-beta.1 7.4.1 4.0.0-rc.1 7.4.2 4.0.0-rc.2 7.5.0 4.0.1 7.5.0-beta.1 4.0.2 7.5.0-beta.2 4.0.3 7.5.0-rc.1 4.0.4 7.5.1 4.1.0 7.5.2 4.1.0-beta.1 7.6.0 4.1.0-beta.2 7.6.0-beta.1 4.1.0-rc.1 7.6.0-beta.2 4.1.0-rc.2 7.6.0-rc.1 4.1.1 7.6.0-rc.2 4.1.2 7.6.0-rc.3 4.1.3 7.6.1 4.1.4 7.6.2 4.2.0 7.7.0 4.2.0-RC.1 7.7.0-beta.1 4.2.0-RC.2 7.7.0-beta.2 4.2.0-beta.1 7.7.0-rc.1 4.2.1 7.7.1 4.2.2 7.7.2 4.2.3 7.7.3 4.2.4 7.8.0 4.2.5 4.3.0 4.3.0-beta.1 4.3.0-rc.1 4.3.0-rc.2 4.3.0-rc.3 4.3.1 4.3.2 4.3.3 4.3.4 4.3.5 4.3.6 4.4.0 4.4.0-beta.1 4.4.0-rc.1 4.4.1 4.4.2 4.4.3 4.4.4 4.5.0 4.5.0-beta.1 4.5.0-rc.1 4.5.0-rc.3 4.5.1 4.5.2 4.5.3 4.5.4 4.5.5 4.6.0 4.6.0-beta.1 4.6.0-rc.1 4.6.1 4.6.2 4.6.3 4.6.4 4.6.5 4.7.0 4.7.0-beta.1 4.7.0-beta.2 4.7.0-rc.1 4.7.1 4.7.1-beta.1 4.7.2 4.7.3 4.7.4 4.8.0 4.8.0-beta.1 4.8.0-rc.1 4.8.0-rc.2 4.8.1 4.8.2 4.8.3 4.9.0 4.9.0-beta.1 4.9.0-rc.1 4.9.0-rc.2 4.9.1 4.9.2 4.9.3 4.9.4 4.9.5 5.0.0 5.0.0-beta.1 5.0.0-beta.2 5.0.0-rc.1 5.0.0-rc.2 5.0.0-rc.3 5.0.1 5.0.2 5.0.3 5.1.0 5.1.0-beta.1 5.1.0-rc.1 trunk 5.1.1 10.0.0 5.1.2 10.0.0-rc.1 5.1.3 10.0.0-rc.2 5.2.0 10.0.1 5.2.0-beta.1 10.0.2 5.2.0-rc.1 10.0.3 5.2.0-rc.2 10.0.4 5.2.1 10.0.5 5.2.2 10.0.6 5.2.3 10.1.0 5.2.4 10.1.0-rc.1 5.2.5 10.1.0-rc.2 5.3.0 10.1.0-rc.3 5.3.0-beta.1 10.1.0-rc.4 5.3.0-rc.1 10.1.1 5.3.0-rc.2 10.1.2 5.3.1 10.1.3 5.3.2 10.1.4 5.3.3 10.2.0 5.4.0 10.2.0-beta.1 5.4.0-beta.1 10.2.0-beta.2 5.4.0-rc.1 10.2.0-rc.1 5.4.1 10.2.1 5.4.2 10.2.2 5.4.3 10.2.3 5.4.4 10.2.4 5.4.5 10.3.0 5.5.0 10.3.0-beta.1 5.5.0-beta.1 10.3.0-beta.2 5.5.0-rc.1 10.3.0-rc.1 5.5.0-rc.2 10.3.0-rc.2 5.5.1 10.3.1 5.5.2 10.3.2 5.5.3 10.3.3 5.5.4 10.3.4 5.5.5 10.3.5 5.6.0 10.3.6 5.6.0-beta.1 10.3.7 5.6.0-rc.1 10.3.8 5.6.0-rc.2 10.4.0 5.6.1 10.4.0-beta.1 5.6.2 10.4.0-beta.2 5.6.3 10.4.0-rc.1 5.7.0 10.4.1 5.7.0-beta.1 10.4.2 5.7.0-rc.1 10.4.3 5.7.1 10.4.4 5.7.2 10.5.0 5.7.3 10.5.0-beta.1 5.8.0 10.5.0-beta.2 5.8.0-beta.1 10.5.0-rc.1 5.8.0-beta.2 10.5.0-rc.2 5.8.0-rc.1 10.5.0-rc.3 5.8.1 10.5.1 5.8.2 10.5.2 5.9.0 10.5.3 5.9.0-beta.1 10.6.0 5.9.0-rc.1 10.6.0-beta.1 5.9.0-rc.2 10.6.0-beta.2 5.9.1 10.6.0-rc.1 5.9.2 10.6.1 6.0.0 10.6.2 6.0.0-beta.1 10.7.0 6.0.0-rc.1 10.7.0-beta.1 6.0.1 10.7.0-beta.2 6.0.2 10.7.0-rc.1 6.1.0 3.0.0 6.1.0-beta.1 3.0.1 6.1.0-rc.1 3.0.2 6.1.0-rc.2 3.0.3 6.1.1 3.0.4 6.1.2 3.0.5 6.1.3 3.0.6 6.2.0 3.0.7 6.2.0-beta.1 3.0.8 6.2.0-rc.1 3.0.9 6.2.0-rc.2 3.1.0 6.2.1 3.1.1 6.2.2 3.1.2 6.2.3 3.2.0 6.3.0 3.2.1 6.3.0-beta.1 3.2.2 6.3.0-rc.1 3.2.3 6.3.0-rc.2 3.2.4 6.3.1 3.2.5 6.3.2 3.2.6 6.4.0 3.3.0 6.4.0-beta.1 3.3.1 6.4.0-rc.1 3.3.2 6.4.1 3.3.2-rc.1 6.4.2 3.3.3 6.5.0 3.3.4 6.5.0-beta.1 3.3.5 6.5.0-rc.1 3.3.6 6.5.0-rc.2 3.4.0 6.5.1 3.4.0-beta.1 6.5.2 3.4.0-rc.2 6.6.0 3.4.1 6.6.0-beta.1 3.4.2 6.6.0-rc.1 3.4.3 6.6.0-rc.2 3.4.4 6.6.1 3.4.5 6.6.2 3.4.6 6.7.0 3.4.7 6.7.0-beta.1 3.4.8 6.7.0-beta.2 3.5.0 6.7.0-rc.1 3.5.0-beta.1 6.7.1 3.5.0-rc.1 6.8.0 3.5.0-rc.2 6.8.0-beta.1 3.5.1 6.8.0-beta.2 3.5.10 6.8.0-rc.1 3.5.2 6.8.1 3.5.3 6.8.2 3.5.4 6.8.3 3.5.5 6.9.0 3.5.6 6.9.0-beta.1 3.5.7 6.9.0-beta.2 3.5.8 6.9.0-rc.1 3.5.9 6.9.1 3.6.0 6.9.2 3.6.0-beta.1 6.9.3 3.6.0-rc.1 6.9.4 3.6.0-rc.2 6.9.5 3.6.0-rc.3 7.0.0 3.6.1 7.0.0-beta.1 3.6.2 7.0.0-beta.2 3.6.3 7.0.0-beta.3 3.6.4 7.0.0-rc.1 3.6.5 7.0.0-rc.2 3.6.6 7.0.1 3.6.7 7.0.2 3.7.0 7.1.0 3.7.0-beta.1 7.1.0-beta.1 3.7.0-rc.1 7.1.0-beta.2 3.7.0-rc.2 7.1.0-rc.1 3.7.1 7.1.0-rc.2 3.7.2 7.1.1
woocommerce / src / Internal / Utilities / FilesystemUtil.php
woocommerce / src / Internal / Utilities Last commit date
ArrayUtil.php 7 months ago BlocksUtil.php 5 months ago COTMigrationUtil.php 1 year ago DatabaseUtil.php 1 year ago FilesystemUtil.php 3 months ago HtmlSanitizer.php 2 years ago LegacyRestApiStub.php 4 weeks ago PluginInstaller.php 1 year ago ProductUtil.php 9 months ago Types.php 1 year ago URL.php 1 year ago URLException.php 4 years ago Users.php 4 months ago WebhookUtil.php 4 weeks ago
FilesystemUtil.php
229 lines
1 <?php
2 declare( strict_types = 1 );
3
4 namespace Automattic\WooCommerce\Internal\Utilities;
5
6 use Automattic\Jetpack\Constants;
7 use Automattic\WooCommerce\Proxies\LegacyProxy;
8 use Exception;
9 use WP_Filesystem_Base;
10
11 /**
12 * FilesystemUtil class.
13 */
14 class FilesystemUtil {
15
16 /**
17 * Transient key for tracking FTP filesystem initialization failures.
18 */
19 private const FTP_INIT_FAILURE_TRANSIENT = 'wc_ftp_filesystem_init_failed';
20
21 /**
22 * Cooldown period in minutes before retrying a failed FTP connection.
23 */
24 private const FTP_INIT_COOLDOWN_MINUTES = 2;
25
26 /**
27 * Wrapper to retrieve the class instance contained in the $wp_filesystem global, after initializing if necessary.
28 *
29 * @return WP_Filesystem_Base
30 * @throws Exception Thrown when the filesystem fails to initialize.
31 */
32 public static function get_wp_filesystem(): WP_Filesystem_Base {
33 global $wp_filesystem;
34
35 $initialized = ( $wp_filesystem instanceof WP_Filesystem_Base ) || self::initialize_wp_filesystem();
36
37 if ( ! $initialized || ! self::is_usable_ftp_filesystem( $wp_filesystem ) ) {
38 throw new Exception( 'The WordPress filesystem could not be initialized.' );
39 }
40
41 return $wp_filesystem;
42 }
43
44 /**
45 * Get the WP filesystem method, with a fallback to 'direct' if no FS_METHOD constant exists and there are not FTP related options/credentials set.
46 *
47 * @return string|false The name of the WP filesystem method to use.
48 */
49 public static function get_wp_filesystem_method_or_direct() {
50 $proxy = wc_get_container()->get( LegacyProxy::class );
51 if ( ! self::constant_exists( 'FS_METHOD' ) && false === $proxy->call_function( 'get_option', 'ftp_credentials' ) && ! self::constant_exists( 'FTP_HOST' ) ) {
52 return 'direct';
53 }
54
55 $method = $proxy->call_function( 'get_filesystem_method' );
56 if ( $method ) {
57 return $method;
58 }
59
60 return 'direct';
61 }
62
63 /**
64 * Check if a constant exists and is not null.
65 *
66 * @param string $name Constant name.
67 * @return bool True if the constant exists and its value is not null.
68 */
69 private static function constant_exists( string $name ): bool {
70 return Constants::is_defined( $name ) && ! is_null( Constants::get_constant( $name ) );
71 }
72
73 /**
74 * Recursively creates a directory (if it doesn't exist) and adds an empty index.html and a .htaccess to prevent
75 * directory listing.
76 *
77 * @since 9.3.0
78 *
79 * @param string $path Directory to create.
80 * @param bool $allow_file_access Whether to allow file access while preventing directory listing. Default false (deny all access).
81 * @throws \Exception In case of error.
82 */
83 public static function mkdir_p_not_indexable( string $path, bool $allow_file_access = false ): void {
84 $wp_fs = self::get_wp_filesystem();
85
86 if ( $wp_fs->is_dir( $path ) ) {
87 return;
88 }
89
90 if ( ! wp_mkdir_p( $path ) ) {
91 throw new \Exception( esc_html( sprintf( 'Could not create directory: %s.', wp_basename( $path ) ) ) );
92 }
93
94 $htaccess_content = $allow_file_access ? 'Options -Indexes' : 'deny from all';
95
96 $files = array(
97 '.htaccess' => $htaccess_content,
98 'index.html' => '',
99 );
100
101 foreach ( $files as $name => $content ) {
102 $wp_fs->put_contents( trailingslashit( $path ) . $name, $content );
103 }
104 }
105
106 /**
107 * Wrapper to initialize the WP filesystem with defined credentials if they are available.
108 *
109 * @return bool True if the $wp_filesystem global was successfully initialized.
110 */
111 protected static function initialize_wp_filesystem(): bool {
112 global $wp_filesystem;
113
114 if ( $wp_filesystem instanceof WP_Filesystem_Base ) {
115 return true;
116 }
117
118 require_once ABSPATH . 'wp-admin/includes/file.php';
119
120 $method = self::get_wp_filesystem_method_or_direct();
121 $initialized = false;
122
123 if ( 'direct' === $method ) {
124 $initialized = WP_Filesystem();
125 } elseif ( false !== $method ) {
126 $is_ftp = in_array( $method, array( 'ftpext', 'ftpsockets' ), true );
127
128 if ( $is_ftp && get_transient( self::FTP_INIT_FAILURE_TRANSIENT ) ) {
129 return false;
130 }
131
132 // See https://core.trac.wordpress.org/changeset/56341.
133 ob_start();
134 $credentials = request_filesystem_credentials( '' );
135 ob_end_clean();
136
137 $initialized = $credentials && WP_Filesystem( $credentials );
138
139 if ( $is_ftp ) {
140 if ( ! $initialized ) {
141 // A fixed cooldown is used instead of exponential backoff since this handles a non-critical
142 // edge case (broken FTP filesystem during logging) that most sites will never encounter.
143 set_transient( self::FTP_INIT_FAILURE_TRANSIENT, true, self::FTP_INIT_COOLDOWN_MINUTES * MINUTE_IN_SECONDS );
144 error_log( sprintf( 'WooCommerce: FTP filesystem connection failed. Please check your FTP credentials. Retrying in %d minutes.', self::FTP_INIT_COOLDOWN_MINUTES ) ); // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_error_log
145 } else {
146 delete_transient( self::FTP_INIT_FAILURE_TRANSIENT );
147 }
148 }
149 }
150
151 return is_null( $initialized ) ? false : $initialized;
152 }
153
154 /**
155 * Check if an FTP-based filesystem instance is usable.
156 *
157 * Checks both the connection resource and the error state. The connection
158 * resource can be null if PHP's max execution time interrupted ftp_connect()
159 * before it completed, leaving the instance in a broken state without errors.
160 *
161 * @param WP_Filesystem_Base $wp_filesystem The filesystem instance to check.
162 * @return bool False if FTP-based and unusable, true otherwise.
163 */
164 private static function is_usable_ftp_filesystem( WP_Filesystem_Base $wp_filesystem ): bool {
165 $has_broken_state = false;
166 $has_errors = false;
167
168 if ( 'ftpext' === $wp_filesystem->method ) {
169 $has_broken_state = empty( $wp_filesystem->link );
170 $has_errors = is_wp_error( $wp_filesystem->errors ) && $wp_filesystem->errors->has_errors();
171 }
172
173 if ( 'ftpsockets' === $wp_filesystem->method ) {
174 $has_broken_state = empty( $wp_filesystem->ftp );
175 $has_errors = is_wp_error( $wp_filesystem->errors ) && $wp_filesystem->errors->has_errors();
176 }
177
178 return ! $has_broken_state && ! $has_errors;
179 }
180
181 /**
182 * Validate that a file path is a valid upload path.
183 *
184 * @param string $path The path to validate.
185 * @throws \Exception If the file path is not a valid upload path.
186 */
187 public static function validate_upload_file_path( string $path ): void {
188 $wp_filesystem = self::get_wp_filesystem();
189
190 // File must exist and be readable.
191 $is_valid_file = $wp_filesystem->is_readable( $path );
192
193 // Check that file is within an allowed location.
194 if ( $is_valid_file ) {
195 $is_valid_file = self::file_is_in_directory( $path, $wp_filesystem->abspath() );
196 if ( ! $is_valid_file ) {
197 $upload_dir = wp_get_upload_dir();
198 $is_valid_file = false === $upload_dir['error'] && self::file_is_in_directory( $path, $upload_dir['basedir'] );
199 }
200 }
201
202 if ( ! $is_valid_file ) {
203 throw new \Exception( esc_html__( 'File path is not a valid upload path.', 'woocommerce' ) );
204 }
205 }
206
207 /**
208 * Check if a given file is inside a given directory.
209 *
210 * @param string $file_path The full path of the file to check.
211 * @param string $directory The path of the directory to check.
212 * @return bool True if the file is inside the directory.
213 */
214 private static function file_is_in_directory( string $file_path, string $directory ): bool {
215 // Extract protocol if it exists.
216 $protocol = '';
217 if ( preg_match( '#^([a-z0-9]+://)#i', $file_path, $matches ) ) {
218 $protocol = $matches[1];
219 $file_path = preg_replace( '#^[a-z0-9]+://#i', '', $file_path );
220 }
221
222 $file_path = (string) new URL( $file_path ); // This resolves '/../' sequences.
223 $file_path = preg_replace( '/^file:\\/\\//', $protocol, $file_path );
224 $file_path = preg_replace( '/^file:\\/\\//', '', $file_path );
225
226 return 0 === stripos( wp_normalize_path( $file_path ), trailingslashit( wp_normalize_path( $directory ) ) );
227 }
228 }
229