PluginProbe ʕ •ᴥ•ʔ
WooCommerce v9.6.0-beta.1
woocommerce / vendor / automattic / jetpack-connection / src / class-webhooks.php
class-webhooks.php
218 lines
<?php
/**
 * Connection Webhooks class.
 *
 * @package automattic/jetpack-connection
 */

namespace Automattic\Jetpack\Connection;

use Automattic\Jetpack\CookieState;
use Automattic\Jetpack\Roles;
use Automattic\Jetpack\Status\Host;
use Automattic\Jetpack\Tracking;
use Jetpack_Options;

/**
 * Connection Webhooks class.
 */
class Webhooks {

	/**
	 * The Connection Manager object.
	 *
	 * @var Manager
	 */
	private $connection;

	/**
	 * Webhooks constructor.
	 *
	 * @param Manager $connection The Connection Manager object.
	 */
	public function __construct( $connection ) {
		$this->connection = $connection;
	}

	/**
	 * Initialize the webhooks.
	 *
	 * @param Manager $connection The Connection Manager object.
	 */
	public static function init( $connection ) {
		$webhooks = new static( $connection );

		add_action( 'init', array( $webhooks, 'controller' ) );
		add_action( 'load-toplevel_page_jetpack', array( $webhooks, 'fallback_jetpack_controller' ) );
	}

	/**
	 * The Jetpack plugin used to trigger these webhooks in Jetpack::admin_page_load().
	 *
	 * The Jetpack toplevel menu is still accessible for stand-alone plugins, and while there's no content for that page, there are still
	 * actions from Calypso and WPCOM that reach that route regardless of the site having the Jetpack plugin or not. That's why we are still handling it here.
	 */
	public function fallback_jetpack_controller() {
		$this->controller( true );
	}

	/**
	 * The "controller" decides which handler we need to run.
	 *
	 * @param bool $force Do not check if it's a webhook request and just run the controller.
	 */
	public function controller( $force = false ) {
		if ( ! $force ) {
			// The nonce is verified in specific handlers.
			// phpcs:ignore WordPress.Security.NonceVerification.Recommended
			if ( empty( $_GET['handler'] ) || 'jetpack-connection-webhooks' !== $_GET['handler'] ) {
				return;
			}
		}

		// phpcs:ignore WordPress.Security.NonceVerification.Recommended
		if ( isset( $_GET['connect_url_redirect'] ) ) {
			$this->handle_connect_url_redirect();
		}

		// phpcs:ignore WordPress.Security.NonceVerification.Recommended
		if ( empty( $_GET['action'] ) ) {
			return;
		}

		// The nonce is verified in specific handlers.
		// phpcs:ignore WordPress.Security.NonceVerification.Recommended
		switch ( $_GET['action'] ) {
			case 'authorize':
				$this->handle_authorize();
				$this->do_exit();
				break; // @phan-suppress-current-line PhanPluginUnreachableCode -- Safer to include it even though do_exit never returns.
			case 'authorize_redirect':
				$this->handle_authorize_redirect();
				$this->do_exit();
				break; // @phan-suppress-current-line PhanPluginUnreachableCode -- Safer to include it even though do_exit never returns.
			// Class Jetpack::admin_page_load() still handles other cases.
		}
	}

	/**
	 * Perform the authorization action.
	 */
	public function handle_authorize() {
		if ( $this->connection->is_connected() && $this->connection->is_user_connected() ) {
			$redirect_url = apply_filters( 'jetpack_client_authorize_already_authorized_url', admin_url() );
			wp_safe_redirect( $redirect_url );

			return;
		}
		do_action( 'jetpack_client_authorize_processing' );

		$data              = stripslashes_deep( $_GET ); // We need all request data under the context of an authorization request.
		$data['auth_type'] = 'client';
		$roles             = new Roles();
		$role              = $roles->translate_current_user_to_role();
		$redirect          = isset( $data['redirect'] ) ? esc_url_raw( (string) $data['redirect'] ) : '';

		check_admin_referer( "jetpack-authorize_{$role}_{$redirect}" );

		$tracking = new Tracking();

		$result = $this->connection->authorize( $data );

		if ( is_wp_error( $result ) ) {
			do_action( 'jetpack_client_authorize_error', $result );

			$tracking->record_user_event(
				'jpc_client_authorize_fail',
				array(
					'error_code'    => $result->get_error_code(),
					'error_message' => $result->get_error_message(),
				)
			);
		} else {
			/**
			 * Fires after the Jetpack client is authorized to communicate with WordPress.com.
			 *
			 * @param int Jetpack Blog ID.
			 *
			 * @since 1.7.0
			 * @since-jetpack 4.2.0
			 */
			do_action( 'jetpack_client_authorized', Jetpack_Options::get_option( 'id' ) );

			$tracking->record_user_event( 'jpc_client_authorize_success' );
		}

		$fallback_redirect = apply_filters( 'jetpack_client_authorize_fallback_url', admin_url() );
		$redirect          = wp_validate_redirect( $redirect ) ? $redirect : $fallback_redirect;

		wp_safe_redirect( $redirect );
	}

	/**
	 * The authorize_redirect webhook handler.
	 */
	public function handle_authorize_redirect() {
		$authorize_redirect_handler = new Webhooks\Authorize_Redirect( $this->connection );
		$authorize_redirect_handler->handle();
	}

	/**
	 * The `exit` is wrapped into a method so we could mock it.
	 *
	 * @return never
	 */
	protected function do_exit() {
		exit;
	}

	/**
	 * Handle the `connect_url_redirect` action,
	 * which is usually called to repeat an attempt for user to authorize the connection.
	 *
	 * @return void
	 */
	public function handle_connect_url_redirect() {
		// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- no site changes.
		$from = ! empty( $_GET['from'] ) ? sanitize_text_field( wp_unslash( $_GET['from'] ) ) : 'iframe';

		// phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- no site changes, sanitization happens in get_authorization_url()
		$redirect = ! empty( $_GET['redirect_after_auth'] ) ? wp_unslash( $_GET['redirect_after_auth'] ) : false;

		add_filter( 'allowed_redirect_hosts', array( Host::class, 'allow_wpcom_environments' ) );

		if ( ! $this->connection->is_user_connected() ) {
			if ( ! $this->connection->is_connected() ) {
				$this->connection->register();
			}

			$connect_url = add_query_arg( 'from', $from, $this->connection->get_authorization_url( null, $redirect ) );

			// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- no site changes.
			if ( isset( $_GET['notes_iframe'] ) ) {
				$connect_url .= '&notes_iframe';
			}
			wp_safe_redirect( $connect_url );
			$this->do_exit();
		} elseif ( ! isset( $_GET['calypso_env'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- no site changes.
			( new CookieState() )->state( 'message', 'already_authorized' );
			wp_safe_redirect( $redirect );
			$this->do_exit();
		} else {
			if ( 'connect-after-checkout' === $from && $redirect ) {
				wp_safe_redirect( $redirect );
				$this->do_exit();
			}
			$connect_url = add_query_arg(
				array(
					'from'               => $from,
					'already_authorized' => true,
				),
				$this->connection->get_authorization_url()
			);
			wp_safe_redirect( $connect_url );
			$this->do_exit();
		}
	}
}