Edit File by line

Deprecated: str_replace(): Passing null to parameter #2 ($replace) of type array|string is deprecated in /home/sportsfever/public_html/filemanger/function.php on line 93
/home/sportsfe.../httpdocs/clone/wp-inclu...
File: class-wp-recovery-mode-cookie-service.php
<?php
[0] Fix | Delete
/**
[1] Fix | Delete
* Error Protection API: WP_Recovery_Mode_Cookie_Service class
[2] Fix | Delete
*
[3] Fix | Delete
* @package WordPress
[4] Fix | Delete
* @since 5.2.0
[5] Fix | Delete
*/
[6] Fix | Delete
[7] Fix | Delete
/**
[8] Fix | Delete
* Core class used to set, validate, and clear cookies that identify a Recovery Mode session.
[9] Fix | Delete
*
[10] Fix | Delete
* @since 5.2.0
[11] Fix | Delete
*/
[12] Fix | Delete
#[AllowDynamicProperties]
[13] Fix | Delete
final class WP_Recovery_Mode_Cookie_Service {
[14] Fix | Delete
[15] Fix | Delete
/**
[16] Fix | Delete
* Checks whether the recovery mode cookie is set.
[17] Fix | Delete
*
[18] Fix | Delete
* @since 5.2.0
[19] Fix | Delete
*
[20] Fix | Delete
* @return bool True if the cookie is set, false otherwise.
[21] Fix | Delete
*/
[22] Fix | Delete
public function is_cookie_set() {
[23] Fix | Delete
return ! empty( $_COOKIE[ RECOVERY_MODE_COOKIE ] );
[24] Fix | Delete
}
[25] Fix | Delete
[26] Fix | Delete
/**
[27] Fix | Delete
* Sets the recovery mode cookie.
[28] Fix | Delete
*
[29] Fix | Delete
* This must be immediately followed by exiting the request.
[30] Fix | Delete
*
[31] Fix | Delete
* @since 5.2.0
[32] Fix | Delete
*/
[33] Fix | Delete
public function set_cookie() {
[34] Fix | Delete
[35] Fix | Delete
$value = $this->generate_cookie();
[36] Fix | Delete
[37] Fix | Delete
/**
[38] Fix | Delete
* Filters the length of time a Recovery Mode cookie is valid for.
[39] Fix | Delete
*
[40] Fix | Delete
* @since 5.2.0
[41] Fix | Delete
*
[42] Fix | Delete
* @param int $length Length in seconds.
[43] Fix | Delete
*/
[44] Fix | Delete
$length = apply_filters( 'recovery_mode_cookie_length', WEEK_IN_SECONDS );
[45] Fix | Delete
[46] Fix | Delete
$expire = time() + $length;
[47] Fix | Delete
[48] Fix | Delete
setcookie( RECOVERY_MODE_COOKIE, $value, $expire, COOKIEPATH, COOKIE_DOMAIN, is_ssl(), true );
[49] Fix | Delete
[50] Fix | Delete
if ( COOKIEPATH !== SITECOOKIEPATH ) {
[51] Fix | Delete
setcookie( RECOVERY_MODE_COOKIE, $value, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, is_ssl(), true );
[52] Fix | Delete
}
[53] Fix | Delete
}
[54] Fix | Delete
[55] Fix | Delete
/**
[56] Fix | Delete
* Clears the recovery mode cookie.
[57] Fix | Delete
*
[58] Fix | Delete
* @since 5.2.0
[59] Fix | Delete
*/
[60] Fix | Delete
public function clear_cookie() {
[61] Fix | Delete
setcookie( RECOVERY_MODE_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN );
[62] Fix | Delete
setcookie( RECOVERY_MODE_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN );
[63] Fix | Delete
}
[64] Fix | Delete
[65] Fix | Delete
/**
[66] Fix | Delete
* Validates the recovery mode cookie.
[67] Fix | Delete
*
[68] Fix | Delete
* @since 5.2.0
[69] Fix | Delete
*
[70] Fix | Delete
* @param string $cookie Optionally specify the cookie string.
[71] Fix | Delete
* If omitted, it will be retrieved from the super global.
[72] Fix | Delete
* @return true|WP_Error True on success, error object on failure.
[73] Fix | Delete
*/
[74] Fix | Delete
public function validate_cookie( $cookie = '' ) {
[75] Fix | Delete
[76] Fix | Delete
if ( ! $cookie ) {
[77] Fix | Delete
if ( empty( $_COOKIE[ RECOVERY_MODE_COOKIE ] ) ) {
[78] Fix | Delete
return new WP_Error( 'no_cookie', __( 'No cookie present.' ) );
[79] Fix | Delete
}
[80] Fix | Delete
[81] Fix | Delete
$cookie = $_COOKIE[ RECOVERY_MODE_COOKIE ];
[82] Fix | Delete
}
[83] Fix | Delete
[84] Fix | Delete
$parts = $this->parse_cookie( $cookie );
[85] Fix | Delete
[86] Fix | Delete
if ( is_wp_error( $parts ) ) {
[87] Fix | Delete
return $parts;
[88] Fix | Delete
}
[89] Fix | Delete
[90] Fix | Delete
list( , $created_at, $random, $signature ) = $parts;
[91] Fix | Delete
[92] Fix | Delete
if ( ! ctype_digit( $created_at ) ) {
[93] Fix | Delete
return new WP_Error( 'invalid_created_at', __( 'Invalid cookie format.' ) );
[94] Fix | Delete
}
[95] Fix | Delete
[96] Fix | Delete
/** This filter is documented in wp-includes/class-wp-recovery-mode-cookie-service.php */
[97] Fix | Delete
$length = apply_filters( 'recovery_mode_cookie_length', WEEK_IN_SECONDS );
[98] Fix | Delete
[99] Fix | Delete
if ( time() > $created_at + $length ) {
[100] Fix | Delete
return new WP_Error( 'expired', __( 'Cookie expired.' ) );
[101] Fix | Delete
}
[102] Fix | Delete
[103] Fix | Delete
$to_sign = sprintf( 'recovery_mode|%s|%s', $created_at, $random );
[104] Fix | Delete
$hashed = $this->recovery_mode_hash( $to_sign );
[105] Fix | Delete
[106] Fix | Delete
if ( ! hash_equals( $signature, $hashed ) ) {
[107] Fix | Delete
return new WP_Error( 'signature_mismatch', __( 'Invalid cookie.' ) );
[108] Fix | Delete
}
[109] Fix | Delete
[110] Fix | Delete
return true;
[111] Fix | Delete
}
[112] Fix | Delete
[113] Fix | Delete
/**
[114] Fix | Delete
* Gets the session identifier from the cookie.
[115] Fix | Delete
*
[116] Fix | Delete
* The cookie should be validated before calling this API.
[117] Fix | Delete
*
[118] Fix | Delete
* @since 5.2.0
[119] Fix | Delete
*
[120] Fix | Delete
* @param string $cookie Optionally specify the cookie string.
[121] Fix | Delete
* If omitted, it will be retrieved from the super global.
[122] Fix | Delete
* @return string|WP_Error Session ID on success, or error object on failure.
[123] Fix | Delete
*/
[124] Fix | Delete
public function get_session_id_from_cookie( $cookie = '' ) {
[125] Fix | Delete
if ( ! $cookie ) {
[126] Fix | Delete
if ( empty( $_COOKIE[ RECOVERY_MODE_COOKIE ] ) ) {
[127] Fix | Delete
return new WP_Error( 'no_cookie', __( 'No cookie present.' ) );
[128] Fix | Delete
}
[129] Fix | Delete
[130] Fix | Delete
$cookie = $_COOKIE[ RECOVERY_MODE_COOKIE ];
[131] Fix | Delete
}
[132] Fix | Delete
[133] Fix | Delete
$parts = $this->parse_cookie( $cookie );
[134] Fix | Delete
if ( is_wp_error( $parts ) ) {
[135] Fix | Delete
return $parts;
[136] Fix | Delete
}
[137] Fix | Delete
[138] Fix | Delete
list( , , $random ) = $parts;
[139] Fix | Delete
[140] Fix | Delete
return sha1( $random );
[141] Fix | Delete
}
[142] Fix | Delete
[143] Fix | Delete
/**
[144] Fix | Delete
* Parses the cookie into its four parts.
[145] Fix | Delete
*
[146] Fix | Delete
* @since 5.2.0
[147] Fix | Delete
*
[148] Fix | Delete
* @param string $cookie Cookie content.
[149] Fix | Delete
* @return array|WP_Error Cookie parts array, or error object on failure.
[150] Fix | Delete
*/
[151] Fix | Delete
private function parse_cookie( $cookie ) {
[152] Fix | Delete
$cookie = base64_decode( $cookie );
[153] Fix | Delete
$parts = explode( '|', $cookie );
[154] Fix | Delete
[155] Fix | Delete
if ( 4 !== count( $parts ) ) {
[156] Fix | Delete
return new WP_Error( 'invalid_format', __( 'Invalid cookie format.' ) );
[157] Fix | Delete
}
[158] Fix | Delete
[159] Fix | Delete
return $parts;
[160] Fix | Delete
}
[161] Fix | Delete
[162] Fix | Delete
/**
[163] Fix | Delete
* Generates the recovery mode cookie value.
[164] Fix | Delete
*
[165] Fix | Delete
* The cookie is a base64 encoded string with the following format:
[166] Fix | Delete
*
[167] Fix | Delete
* recovery_mode|iat|rand|signature
[168] Fix | Delete
*
[169] Fix | Delete
* Where "recovery_mode" is a constant string,
[170] Fix | Delete
* iat is the time the cookie was generated at,
[171] Fix | Delete
* rand is a randomly generated password that is also used as a session identifier
[172] Fix | Delete
* and signature is an hmac of the preceding 3 parts.
[173] Fix | Delete
*
[174] Fix | Delete
* @since 5.2.0
[175] Fix | Delete
*
[176] Fix | Delete
* @return string Generated cookie content.
[177] Fix | Delete
*/
[178] Fix | Delete
private function generate_cookie() {
[179] Fix | Delete
$to_sign = sprintf( 'recovery_mode|%s|%s', time(), wp_generate_password( 20, false ) );
[180] Fix | Delete
$signed = $this->recovery_mode_hash( $to_sign );
[181] Fix | Delete
[182] Fix | Delete
return base64_encode( sprintf( '%s|%s', $to_sign, $signed ) );
[183] Fix | Delete
}
[184] Fix | Delete
[185] Fix | Delete
/**
[186] Fix | Delete
* Gets a form of `wp_hash()` specific to Recovery Mode.
[187] Fix | Delete
*
[188] Fix | Delete
* We cannot use `wp_hash()` because it is defined in `pluggable.php` which is not loaded until after plugins are loaded,
[189] Fix | Delete
* which is too late to verify the recovery mode cookie.
[190] Fix | Delete
*
[191] Fix | Delete
* This tries to use the `AUTH` salts first, but if they aren't valid specific salts will be generated and stored.
[192] Fix | Delete
*
[193] Fix | Delete
* @since 5.2.0
[194] Fix | Delete
*
[195] Fix | Delete
* @param string $data Data to hash.
[196] Fix | Delete
* @return string|false The hashed $data, or false on failure.
[197] Fix | Delete
*/
[198] Fix | Delete
private function recovery_mode_hash( $data ) {
[199] Fix | Delete
$default_keys = array_unique(
[200] Fix | Delete
array(
[201] Fix | Delete
'put your unique phrase here',
[202] Fix | Delete
/*
[203] Fix | Delete
* translators: This string should only be translated if wp-config-sample.php is localized.
[204] Fix | Delete
* You can check the localized release package or
[205] Fix | Delete
* https://i18n.svn.wordpress.org/<locale code>/branches/<wp version>/dist/wp-config-sample.php
[206] Fix | Delete
*/
[207] Fix | Delete
__( 'put your unique phrase here' ),
[208] Fix | Delete
)
[209] Fix | Delete
);
[210] Fix | Delete
[211] Fix | Delete
if ( ! defined( 'AUTH_KEY' ) || in_array( AUTH_KEY, $default_keys, true ) ) {
[212] Fix | Delete
$auth_key = get_site_option( 'recovery_mode_auth_key' );
[213] Fix | Delete
[214] Fix | Delete
if ( ! $auth_key ) {
[215] Fix | Delete
if ( ! function_exists( 'wp_generate_password' ) ) {
[216] Fix | Delete
require_once ABSPATH . WPINC . '/pluggable.php';
[217] Fix | Delete
}
[218] Fix | Delete
[219] Fix | Delete
$auth_key = wp_generate_password( 64, true, true );
[220] Fix | Delete
update_site_option( 'recovery_mode_auth_key', $auth_key );
[221] Fix | Delete
}
[222] Fix | Delete
} else {
[223] Fix | Delete
$auth_key = AUTH_KEY;
[224] Fix | Delete
}
[225] Fix | Delete
[226] Fix | Delete
if ( ! defined( 'AUTH_SALT' ) || in_array( AUTH_SALT, $default_keys, true ) || AUTH_SALT === $auth_key ) {
[227] Fix | Delete
$auth_salt = get_site_option( 'recovery_mode_auth_salt' );
[228] Fix | Delete
[229] Fix | Delete
if ( ! $auth_salt ) {
[230] Fix | Delete
if ( ! function_exists( 'wp_generate_password' ) ) {
[231] Fix | Delete
require_once ABSPATH . WPINC . '/pluggable.php';
[232] Fix | Delete
}
[233] Fix | Delete
[234] Fix | Delete
$auth_salt = wp_generate_password( 64, true, true );
[235] Fix | Delete
update_site_option( 'recovery_mode_auth_salt', $auth_salt );
[236] Fix | Delete
}
[237] Fix | Delete
} else {
[238] Fix | Delete
$auth_salt = AUTH_SALT;
[239] Fix | Delete
}
[240] Fix | Delete
[241] Fix | Delete
$secret = $auth_key . $auth_salt;
[242] Fix | Delete
[243] Fix | Delete
return hash_hmac( 'sha1', $data, $secret );
[244] Fix | Delete
}
[245] Fix | Delete
}
[246] Fix | Delete
[247] Fix | Delete
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
Function