plugin updates
This commit is contained in:
Tony Volpe
@@ -12,6 +12,13 @@
|
||||
use Automattic\Jetpack\Connection\Client;
|
||||
use Automattic\Jetpack\Connection\Manager;
|
||||
|
||||
/**
|
||||
* Disable direct access.
|
||||
*/
|
||||
if ( ! defined( 'ABSPATH' ) ) {
|
||||
exit;
|
||||
}
|
||||
|
||||
if ( ! class_exists( IXR_Client::class ) ) {
|
||||
require_once ABSPATH . WPINC . '/class-IXR.php';
|
||||
}
|
||||
@@ -70,7 +77,7 @@ class Jetpack_IXR_Client extends IXR_Client {
|
||||
/**
|
||||
* Perform the IXR request.
|
||||
*
|
||||
* @param string[] ...$args IXR args.
|
||||
* @param mixed ...$args IXR method and args.
|
||||
*
|
||||
* @return bool True if request succeeded, false otherwise.
|
||||
*/
|
||||
@@ -146,10 +153,10 @@ class Jetpack_IXR_Client extends IXR_Client {
|
||||
$code = $match[1];
|
||||
$message = $match[2];
|
||||
$status = $fault_code;
|
||||
return new \WP_Error( $code, $message, $status );
|
||||
return new WP_Error( $code, $message, $status );
|
||||
}
|
||||
|
||||
return new \WP_Error( "IXR_{$fault_code}", $fault_string );
|
||||
return new WP_Error( "IXR_{$fault_code}", $fault_string );
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -65,7 +65,6 @@ class Jetpack_Options {
|
||||
'sync_health_status', // (bool|array) An array of data relating to Jetpack's sync health.
|
||||
'safe_mode_confirmed', // (bool) True if someone confirms that this site was correctly put into safe mode automatically after an identity crisis is discovered.
|
||||
'migrate_for_idc', // (bool) True if someone confirms that this site should migrate stats and subscribers from its previous URL
|
||||
'dismissed_connection_banner', // (bool) True if the connection banner has been dismissed
|
||||
'ab_connect_banner_green_bar', // (int) Version displayed of the A/B test for the green bar at the top of the connect banner.
|
||||
'onboarding', // (string) Auth token to be used in the onboarding connection flow
|
||||
'tos_agreed', // (bool) Whether or not the TOS for connection has been agreed upon.
|
||||
@@ -117,8 +116,6 @@ class Jetpack_Options {
|
||||
'setup_wizard_questionnaire', // (array) (DEPRECATED) List of user choices from the setup wizard.
|
||||
'setup_wizard_status', // (string) (DEPRECATED) Status of the setup wizard.
|
||||
'licensing_error', // (string) Last error message occurred while attaching licenses that is yet to be surfaced to the user.
|
||||
'recommendations_banner_dismissed', // (bool) Determines if the recommendations dashboard banner is dismissed or not.
|
||||
'recommendations_banner_enabled', // (bool) Whether the recommendations are enabled or not.
|
||||
'recommendations_data', // (array) The user choice and other data for the recommendations.
|
||||
'recommendations_step', // (string) The current step of the recommendations.
|
||||
'recommendations_conditional', // (array) An array of action-based recommendations.
|
||||
@@ -129,6 +126,11 @@ class Jetpack_Options {
|
||||
'dismissed_backup_review_restore', // (bool) Determines if the component review request is dismissed for successful restore requests.
|
||||
'dismissed_backup_review_backups', // (bool) Determines if the component review request is dismissed for successful backup requests.
|
||||
'identity_crisis_url_secret', // (array) The IDC URL secret and its expiration date.
|
||||
'identity_crisis_ip_requester', // (array) The IDC IP address and its expiration date.
|
||||
'dismissed_welcome_banner', // (bool) Determines if the welcome banner has been dismissed or not.
|
||||
'recommendations_evaluation', // (object) Catalog of recommended modules with corresponding score following successful site evaluation in Welcome Banner.
|
||||
'dismissed_recommendations', // (bool) Determines if the recommendations have been dismissed or not.
|
||||
'historically_active_modules', // (array) List of installed plugins/enabled modules that have at one point in time been active and working
|
||||
);
|
||||
}
|
||||
|
||||
@@ -630,7 +632,6 @@ class Jetpack_Options {
|
||||
'jetpack_protect_key',
|
||||
'jetpack_protect_blocked_attempts',
|
||||
'jetpack_protect_activating',
|
||||
'jetpack_connection_banner_ab',
|
||||
'jetpack_active_plan',
|
||||
'jetpack_activation_source',
|
||||
'jetpack_site_products',
|
||||
|
||||
@@ -93,9 +93,9 @@ class Jetpack_Signature {
|
||||
// Convert the $_POST to the body, if the body was empty. This is how arrays are hashed
|
||||
// and encoded on the Jetpack side.
|
||||
if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
|
||||
// phpcs:ignore WordPress.Security.NonceVerification.Missing
|
||||
// phpcs:ignore WordPress.Security.NonceVerification.Missing -- Used to generate a cryptographic signature of the post data. Not actually using any of it here.
|
||||
if ( empty( $body ) && is_array( $_POST ) && $_POST !== array() ) {
|
||||
$body = $_POST; // phpcs:ignore WordPress.Security.NonceVerification.Missing
|
||||
$body = $_POST; // phpcs:ignore WordPress.Security.NonceVerification.Missing -- We need all of $_POST in order to generate a cryptographic signature of the post data.
|
||||
}
|
||||
}
|
||||
} elseif ( isset( $_SERVER['REQUEST_METHOD'] ) && 'PUT' === strtoupper( $_SERVER['REQUEST_METHOD'] ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput -- This is validating.
|
||||
@@ -160,7 +160,7 @@ class Jetpack_Signature {
|
||||
|
||||
$signature_details = compact( 'token', 'timestamp', 'nonce', 'body_hash', 'method', 'url' );
|
||||
|
||||
if ( 0 !== strpos( $token, "$this->token:" ) ) {
|
||||
if ( ! str_starts_with( $token, "$this->token:" ) ) {
|
||||
return new WP_Error( 'token_mismatch', 'Incorrect token', compact( 'signature_details' ) );
|
||||
}
|
||||
|
||||
|
||||
@@ -269,7 +269,7 @@ class Jetpack_XMLRPC_Server {
|
||||
* This XML-RPC method is called from the /jpphp/provision endpoint on WPCOM in order to
|
||||
* register this site so that a plan can be provisioned.
|
||||
*
|
||||
* @param array $request An array containing at minimum nonce and local_user keys.
|
||||
* @param array|ArrayAccess $request An array containing at minimum nonce and local_user keys.
|
||||
*
|
||||
* @return \WP_Error|array
|
||||
*/
|
||||
@@ -373,7 +373,7 @@ class Jetpack_XMLRPC_Server {
|
||||
* This XML-RPC method is called from the /jpphp/provision endpoint on WPCOM in order to
|
||||
* register this site so that a plan can be provisioned.
|
||||
*
|
||||
* @param array $request An array containing at minimum a nonce key and a local_username key.
|
||||
* @param array|ArrayAccess $request An array containing at minimum a nonce key and a local_username key.
|
||||
*
|
||||
* @return \WP_Error|array
|
||||
*/
|
||||
@@ -440,8 +440,8 @@ class Jetpack_XMLRPC_Server {
|
||||
* Given an array containing a local user identifier and a nonce, will attempt to fetch and set
|
||||
* an access token for the given user.
|
||||
*
|
||||
* @param array $request An array containing local_user and nonce keys at minimum.
|
||||
* @param \IXR_Client $ixr_client The client object, optional.
|
||||
* @param array|ArrayAccess $request An array containing local_user and nonce keys at minimum.
|
||||
* @param \IXR_Client $ixr_client The client object, optional.
|
||||
* @return mixed
|
||||
*/
|
||||
public function remote_connect( $request, $ixr_client = false ) {
|
||||
@@ -521,6 +521,7 @@ class Jetpack_XMLRPC_Server {
|
||||
* Getter for the local user to act as.
|
||||
*
|
||||
* @param array $request the current request data.
|
||||
* @return WP_User|IXR_Error|false IXR_Error if the request is missing a local_user field, WP_User object on success, or false on failure to find a user.
|
||||
*/
|
||||
private function fetch_and_verify_local_user( $request ) {
|
||||
if ( empty( $request['local_user'] ) ) {
|
||||
@@ -544,6 +545,7 @@ class Jetpack_XMLRPC_Server {
|
||||
* Gets the user object by its data.
|
||||
*
|
||||
* @param string $user_id can be any identifying user data.
|
||||
* @return WP_User|false WP_User object on success, false on failure.
|
||||
*/
|
||||
private function get_user_by_anything( $user_id ) {
|
||||
$user = get_user_by( 'login', $user_id );
|
||||
|
||||
Reference in New Issue
Block a user