PluginProbe ʕ •ᴥ•ʔ
WP STAGING – WordPress Backup, Restore, Migration & Clone / 4.9.2
WP STAGING – WordPress Backup, Restore, Migration & Clone v4.9.2
4.9.2 4.9.1 4.9.0 4.8.1 trunk 3.0.0 3.0.1 3.0.2 3.0.3 3.0.4 3.0.5 3.0.6 3.1.0 3.1.1 3.1.2 3.1.3 3.1.4 3.10.0 3.2.0 3.3.1 3.3.2 3.3.3 3.4.1 3.4.3 3.5.0 3.6.0 3.7.1 3.8.0 3.8.1 3.8.2 3.8.3 3.8.4 3.8.5 3.8.6 3.8.7 3.9.0 3.9.1 3.9.2 3.9.3 3.9.4 4.0.0 4.1.0 4.1.1 4.1.2 4.1.3 4.1.4 4.2.0 4.2.1 4.3.0 4.3.1 4.3.2 4.4.0 4.5.0 4.6.0 4.7.0 4.7.1 4.7.2 4.7.3 4.8.0
wp-staging / Framework / Traits / BearerTokenTrait.php
wp-staging / Framework / Traits Last commit date
ApplyFiltersTrait.php 2 months ago ArrayableTrait.php 7 months ago BatchSizeCalculateTrait.php 7 months ago BearerTokenTrait.php 4 months ago BenchmarkTrait.php 2 years ago BooleanTransientTrait.php 5 years ago DatabaseSearchReplaceTrait.php 2 weeks ago DbRowsGeneratorTrait.php 3 years ago DebugLogTrait.php 1 year ago DeveloperTimerTrait.php 8 months ago EndOfLinePlaceholderTrait.php 1 year ago EventLoggerTrait.php 1 month ago FileScanToCacheTrait.php 10 months ago FormatTrait.php 11 months ago HttpRequestTrait.php 8 months ago HydrateTrait.php 1 year ago I18nTrait.php 1 year ago IpResolverTrait.php 10 months ago MaintenanceTrait.php 5 months ago MemoryExhaustTrait.php 2 years ago MySQLRowsGeneratorTrait.php 7 months ago NoticesTrait.php 1 day ago PropertyConstructor.php 5 years ago RenameTmpDirectoryTrait.php 5 months ago ResourceTrait.php 4 months ago RestRequestTrait.php 3 months ago RestoreFileExclusionTrait.php 1 year ago SerializeTrait.php 1 year ago SetTimeLimitTrait.php 1 month ago SlashTrait.php 1 year ago SqlCommentTrait.php 3 months ago TablePrefixValidator.php 3 months ago UrlTrait.php 1 year ago ValueGetterTrait.php 1 year ago WindowsOsTrait.php 1 year ago
BearerTokenTrait.php
70 lines
1 <?php
2
3 namespace WPStaging\Framework\Traits;
4
5 use RuntimeException;
6
7 /**
8 * Provide method to get bearer tokens.
9 */
10 trait BearerTokenTrait
11 {
12 protected function getBearerToken(): string
13 {
14 $authHeader = $this->getAuthorizationHeaderFromRequest();
15 if (empty($authHeader) || !preg_match('/Bearer\s+(\S+)/', $authHeader, $matches)) {
16 return $this->getAuthTokenFromPluginHeader();
17 }
18
19 return sanitize_text_field($matches[1]);
20 }
21
22 protected function getAuthTokenFromPluginHeader(): string
23 {
24 /**
25 * Some hosts strip the Authorization header before PHP gets it.
26 * We accept a plugin-specific fallback header that is set by WP STAGING clients.
27 */
28 $token = sanitize_text_field($_SERVER['HTTP_X_WPSTG_REQUEST'] ?? ''); // phpcs:ignore
29 if (empty($token) || !preg_match('/^[a-f0-9]{12,}$/i', $token)) {
30 throw new RuntimeException('Authorization header not found or invalid.', 401);
31 }
32
33 return $token;
34 }
35
36 private function getAuthorizationHeaderFromRequest(): string
37 {
38 $authHeader = '';
39 if (function_exists('getallheaders')) {
40 $authHeader = $this->extractAuthorizationHeader(getallheaders());
41 }
42
43 if (empty($authHeader) && function_exists('apache_request_headers')) {
44 $authHeader = $this->extractAuthorizationHeader(apache_request_headers());
45 }
46
47 if (empty($authHeader) && !empty($_SERVER['HTTP_AUTHORIZATION'])) {
48 $authHeader = sanitize_text_field($_SERVER['HTTP_AUTHORIZATION']); // phpcs:ignore
49 }
50
51 return $authHeader;
52 }
53
54 /**
55 * @param array<string, mixed> $headers
56 */
57 private function extractAuthorizationHeader(array $headers): string
58 {
59 foreach ($headers as $headerName => $headerValue) {
60 if (strtolower((string)$headerName) !== 'authorization') {
61 continue;
62 }
63
64 return sanitize_text_field((string)$headerValue);
65 }
66
67 return '';
68 }
69 }
70