WooCommerce v9.6.0-beta.1
woocommerce / vendor / automattic / jetpack-connection / src / class-nonce-handler.php
class-nonce-handler.php
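<?php
/**
 * The nonce handler.
 *
 * @package automattic/jetpack-connection
 */

namespace Automattic\Jetpack\Connection;

/**
 * The nonce handler.
 *
 * Records the `(timestamp, nonce)` pairs of signed requests in the options table so that
 * the same pair is only ever accepted once (replay protection), and removes the expired
 * records on a WP-cron schedule.
 */
class Nonce_Handler {

	/**
	 * How long the scheduled cleanup can run (in seconds).
	 * Can be modified using the filter `jetpack_connection_nonce_cleanup_runtime_limit`
	 * (applied in `clean_scheduled()`).
	 */
	const SCHEDULED_CLEANUP_TIME_LIMIT = 5;

	/**
	 * How many nonces should be removed per batch during the `clean_all()` run.
	 */
	const CLEAN_ALL_LIMIT_PER_BATCH = 1000;

	/**
	 * Nonce lifetime in seconds.
	 */
	const LIFETIME = HOUR_IN_SECONDS;

	/**
	 * The nonces used during the request are stored here to keep them valid.
	 * The property is static to keep the nonces accessible between the `Nonce_Handler` instances.
	 * Keys are `"{$timestamp}:{$nonce}"` built from the normalized values, values are what `add()` returned.
	 *
	 * @var array
	 */
	private static $nonces_used_this_request = array();

	/**
	 * The database object.
	 *
	 * @var \wpdb
	 */
	private $db;

	/**
	 * Initializing the object.
	 */
	public function __construct() {
		global $wpdb;

		$this->db = $wpdb;
	}

	/**
	 * Scheduling the WP-cron cleanup event.
	 */
	public function init_schedule() {
		add_action( 'jetpack_clean_nonces', array( __CLASS__, 'clean_scheduled' ) );
		if ( ! wp_next_scheduled( 'jetpack_clean_nonces' ) ) {
			wp_schedule_event( time(), 'hourly', 'jetpack_clean_nonces' );
		}
	}

	/**
	 * Reschedule the WP-cron cleanup event to make it start sooner.
	 */
	public function reschedule() {
		wp_clear_scheduled_hook( 'jetpack_clean_nonces' );
		wp_schedule_event( time(), 'hourly', 'jetpack_clean_nonces' );
	}

	/**
	 * Adds a used nonce to a list of known nonces.
	 *
	 * @param int    $timestamp the current request timestamp.
	 * @param string $nonce     the nonce value.
	 *
	 * @return bool whether the nonce is unique or not. `false` is also returned when the
	 *              database write fails, so a nonce is never accepted without being recorded.
	 */
	public function add( $timestamp, $nonce ) {
		// This should always have gone through Jetpack_Signature::sign_request() first to check $timestamp and $nonce.
		$timestamp = (int) $timestamp;
		// NOTE(review): `prepare()` escapes `%s` arguments itself, so this `esc_sql()` is redundant. It is kept
		// because the escaped form is part of the stored option name; dropping it would change the name a
		// nonce is looked up under and let an already-recorded nonce be accepted again within its lifetime.
		$nonce = esc_sql( $nonce );

		// The per-request cache key is built from the normalized values, so the lookup here and the
		// store at the end of the method always agree (previously the lookup used the raw arguments).
		$cache_key = "{$timestamp}:{$nonce}";
		if ( isset( static::$nonces_used_this_request[ $cache_key ] ) ) {
			return static::$nonces_used_this_request[ $cache_key ];
		}

		$option_name = "jetpack_nonce_{$timestamp}_{$nonce}";

		// Raw query so we can avoid races: add_option will also update.
		// Errors are hidden because two concurrent requests with the same nonce both pass the SELECT
		// and only one INSERT can succeed (the options table keeps `option_name` unique); the losing
		// INSERT is reported as "nonce already used" below rather than as a database error.
		$show_errors = $this->db->hide_errors();

		// Running `try...finally` to make sure that we re-enable errors in case of an exception.
		try {
			$old_nonce = $this->db->get_row(
				$this->db->prepare( "SELECT 1 FROM `{$this->db->options}` WHERE option_name = %s", $option_name )
			);

			if ( $old_nonce === null ) {
				// A failed INSERT (duplicate or database error) yields `false`, i.e. the nonce is rejected.
				$return = (bool) $this->db->query(
					$this->db->prepare(
						"INSERT INTO `{$this->db->options}` (`option_name`, `option_value`, `autoload`) VALUES (%s, %s, %s)",
						$option_name,
						time(),
						'no'
					)
				);
			} else {
				$return = false;
			}
		} finally {
			$this->db->show_errors( $show_errors );
		}

		static::$nonces_used_this_request[ $cache_key ] = $return;

		return $return;
	}

	/**
	 * Removing all existing nonces, or at least as many as possible.
	 * Runs in batches of `CLEAN_ALL_LIMIT_PER_BATCH` rows until nothing is left or the time limit
	 * (20 seconds by default) is reached, to avoid breaking the site.
	 *
	 * @param int $cutoff_timestamp All nonces added before this timestamp will be removed.
	 * @param int $time_limit       How long the cleanup can run (in seconds).
	 *
	 * @return true
	 */
	public function clean_all( $cutoff_timestamp = PHP_INT_MAX, $time_limit = 20 ) {
		// phpcs:ignore Generic.CodeAnalysis.ForLoopWithTestFunctionCall.NotAllowed
		for ( $end_time = time() + $time_limit; time() < $end_time; ) {
			$result = $this->delete( static::CLEAN_ALL_LIMIT_PER_BATCH, $cutoff_timestamp );

			// `false` means either nothing left to remove or a database error; stop in both cases.
			if ( ! $result ) {
				break;
			}
		}

		return true;
	}

	/**
	 * Scheduled clean up of the expired nonces.
	 * Removes every nonce older than `LIFETIME`, bounded by the (filterable) time limit.
	 */
	public static function clean_scheduled() {
		/**
		 * Adjust the time limit for the scheduled cleanup.
		 *
		 * @since 9.5.0
		 *
		 * @param int $time_limit How long the cleanup can run (in seconds).
		 */
		$time_limit = apply_filters( 'jetpack_connection_nonce_cleanup_runtime_limit', static::SCHEDULED_CLEANUP_TIME_LIMIT );

		( new static() )->clean_all( time() - static::LIFETIME, $time_limit );
	}

	/**
	 * Delete the nonces.
	 *
	 * @param int      $limit            How many nonces to delete.
	 * @param null|int $cutoff_timestamp All nonces added before this timestamp will be removed.
	 *                                   Note that `null` produces the empty range
	 *                                   `'jetpack_nonce_' <= name < 'jetpack_nonce_'`, so nothing is
	 *                                   removed; pass `PHP_INT_MAX` to remove everything.
	 *
	 * @return int|false Number of removed nonces, or `false` if nothing to remove (or in case of a database error).
	 */
	public function delete( $limit = 10, $cutoff_timestamp = null ) {
		// Option names are `jetpack_nonce_{timestamp}_{nonce}`. The range below is a string comparison on
		// the timestamp part, which only orders correctly while all stored timestamps have the same number of digits.
		$ids = $this->db->get_col(
			$this->db->prepare(
				"SELECT option_id FROM `{$this->db->options}`"
				. " WHERE `option_name` >= 'jetpack_nonce_' AND `option_name` < %s"
				. ' LIMIT %d',
				'jetpack_nonce_' . $cutoff_timestamp,
				$limit
			)
		);

		if ( ! is_array( $ids ) ) {
			// There's an error and we can't proceed.
			return false;
		}

		// Removing zeroes in case AUTO_INCREMENT of the options table is broken, and all ID's are zeroes.
		$ids = array_filter( $ids );

		if ( array() === $ids ) {
			// There's nothing to remove.
			return false;
		}

		$ids_fill = implode( ', ', array_fill( 0, count( $ids ), '%d' ) );

		// `array_filter()` keeps the original keys; re-index so the placeholder arguments are sequential.
		$args   = array_values( $ids );
		$args[] = 'jetpack_nonce_%';

		// The `LIKE` clause keeps the deletion restricted to nonce rows even if an ID from the list no
		// longer points at one (note `_` is a single-character wildcard in `LIKE`, so this is a loose guard).
		// The Code Sniffer is unable to understand what's going on...
		// phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.PreparedSQLPlaceholders.ReplacementsWrongNumber
		return $this->db->query( $this->db->prepare( "DELETE FROM `{$this->db->options}` WHERE `option_id` IN ( {$ids_fill} ) AND option_name LIKE %s", $args ) );
	}

	/**
	 * Clean the cached nonces valid during the current request, therefore making them invalid.
	 *
	 * @return bool
	 */
	public static function invalidate_request_nonces() {
		static::$nonces_used_this_request = array();

		return true;
	}
}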