<?php

[0] Fix | Delete

/**

[1] Fix | Delete

* Upgrade to the Pro version

[2] Fix | Delete

*

[3] Fix | Delete

* @since 4.0

[4] Fix | Delete

*/

[5] Fix | Delete

[6] Fix | Delete

namespace TwitterFeed\Admin;

[7] Fix | Delete

[8] Fix | Delete

class CTF_Upgrader {

[9] Fix | Delete

[10] Fix | Delete

/**

[11] Fix | Delete

* URL where licensing is done

[12] Fix | Delete

*/

[13] Fix | Delete

const STORE_URL = 'https://smashballoon.com/';

[14] Fix | Delete

[15] Fix | Delete

/**

[16] Fix | Delete

* URL to connect to Smash Balloon App and upgrade to Pro

[17] Fix | Delete

*/

[18] Fix | Delete

const UPGRADE_URL = 'https://connect.smashballoon.com/activate/index.php';

[19] Fix | Delete

[20] Fix | Delete

/**

[21] Fix | Delete

* Check the license key URL

[22] Fix | Delete

*/

[23] Fix | Delete

const CHECK_URL = 'https://connect.smashballoon.com/activate/check.php';

[24] Fix | Delete

[25] Fix | Delete

const NAME = 'twitter';

[26] Fix | Delete

[27] Fix | Delete

const SLUG = 'custom-twitter-feeds-pro/custom-twitter-feed.php';

[28] Fix | Delete

[29] Fix | Delete

const REDIRECT = 'ctf-settings';

[30] Fix | Delete

[31] Fix | Delete

const INSTALL_INSTRUCTIONS = 'https://smashballoon.com/doc/setting-up-the-custom-twitter-feeds-pro-wordpress-plugin/?twitter&utm_campaign=twitter-free&utm_source=settings&utm_medium=freetopro&utm_content=Upgrade Manually';

[32] Fix | Delete

[33] Fix | Delete

[34] Fix | Delete

/**

[35] Fix | Delete

* AJAX hooks for creating the redirect

[36] Fix | Delete

*

[37] Fix | Delete

* @since 4.0

[38] Fix | Delete

*/

[39] Fix | Delete

public static function hooks() {

[40] Fix | Delete

add_action( 'wp_ajax_nopriv_ctf_run_one_click_upgrade', array( 'TwitterFeed\Admin\CTF_Upgrader', 'install_upgrade' ) );

[41] Fix | Delete

add_action( 'wp_ajax_ctf_maybe_upgrade_redirect', array( 'TwitterFeed\Admin\CTF_Upgrader', 'maybe_upgrade_redirect' ) );

[42] Fix | Delete

}

[43] Fix | Delete

[44] Fix | Delete

/**

[45] Fix | Delete

* Connect to licensing API to get download URL for Pro version

[46] Fix | Delete

*

[47] Fix | Delete

* @param $license_data

[48] Fix | Delete

*

[49] Fix | Delete

* @return bool|mixed|null

[50] Fix | Delete

*

[51] Fix | Delete

* @since 4.0

[52] Fix | Delete

*/

[53] Fix | Delete

public static function get_version_info( $license_data ) {

[54] Fix | Delete

$api_params = array(

[55] Fix | Delete

'edd_action' => 'get_version',

[56] Fix | Delete

'license' => $license_data['key'],

[57] Fix | Delete

'item_name' => isset( $license_data['item_name'] ) ? $license_data['item_name'] : false,

[58] Fix | Delete

'item_id' => isset( $license_data['item_id'] ) ? $license_data['item_id'] : false,

[59] Fix | Delete

'version' => '0',

[60] Fix | Delete

'slug' => self::SLUG,

[61] Fix | Delete

'author' => 'SmashBalloon',

[62] Fix | Delete

'url' => home_url(),

[63] Fix | Delete

'beta' => false,

[64] Fix | Delete

'nocache' => '1'

[65] Fix | Delete

);

[66] Fix | Delete

[67] Fix | Delete

$api_url = trailingslashit( self::STORE_URL );

[68] Fix | Delete

[69] Fix | Delete

$request = wp_remote_post(

[70] Fix | Delete

$api_url,

[71] Fix | Delete

array(

[72] Fix | Delete

'timeout' => 15,

[73] Fix | Delete

'sslverify' => true,

[74] Fix | Delete

'body' => $api_params,

[75] Fix | Delete

)

[76] Fix | Delete

);

[77] Fix | Delete

[78] Fix | Delete

if ( ! is_wp_error( $request ) ) {

[79] Fix | Delete

$version_info = json_decode( wp_remote_retrieve_body( $request ) );

[80] Fix | Delete

return $version_info;

[81] Fix | Delete

}

[82] Fix | Delete

[83] Fix | Delete

return false;

[84] Fix | Delete

}

[85] Fix | Delete

[86] Fix | Delete

/**

[87] Fix | Delete

* Ajax handler for grabbing the upgrade url.

[88] Fix | Delete

*

[89] Fix | Delete

* @since 4.0

[90] Fix | Delete

*/

[91] Fix | Delete

public static function maybe_upgrade_redirect() {

[92] Fix | Delete

$home_url = home_url();

[93] Fix | Delete

check_ajax_referer( 'ctf_admin_nonce', 'nonce' );

[94] Fix | Delete

[95] Fix | Delete

$cap = ctf_get_manage_options_cap();

[96] Fix | Delete

[97] Fix | Delete

if ( ! current_user_can( $cap ) ) {

[98] Fix | Delete

wp_send_json_error(); // This auto-dies.

[99] Fix | Delete

}

[100] Fix | Delete

[101] Fix | Delete

// Check for permissions.

[102] Fix | Delete

if ( ! current_user_can( 'install_plugins' ) ) {

[103] Fix | Delete

wp_send_json_error( array( 'message' => esc_html__( 'You are not allowed to install plugins.', 'custom-twitter-feeds' ) ) );

[104] Fix | Delete

}

[105] Fix | Delete

if ( self::is_dev_url( home_url() ) ) {

[106] Fix | Delete

wp_send_json_success(

[107] Fix | Delete

array(

[108] Fix | Delete

'url' => self::INSTALL_INSTRUCTIONS,

[109] Fix | Delete

)

[110] Fix | Delete

);

[111] Fix | Delete

}

[112] Fix | Delete

// Check license key.

[113] Fix | Delete

$license = ! empty( $_POST['license_key'] ) ? sanitize_key( $_POST['license_key'] ) : '';

[114] Fix | Delete

if ( empty( $license ) ) {

[115] Fix | Delete

wp_send_json_error( array( 'message' => esc_html__( 'You are not licensed.', 'custom-twitter-feeds' ) ) );

[116] Fix | Delete

}

[117] Fix | Delete

[118] Fix | Delete

$args = array(

[119] Fix | Delete

'plugin_name' => self::NAME,

[120] Fix | Delete

'plugin_slug' => 'pro',

[121] Fix | Delete

'plugin_path' => plugin_basename( __FILE__ ),

[122] Fix | Delete

'plugin_url' => trailingslashit( WP_PLUGIN_URL ) . 'pro',

[123] Fix | Delete

'home_url' => $home_url,

[124] Fix | Delete

'version' => '1.0',

[125] Fix | Delete

'key' => $license,

[126] Fix | Delete

);

[127] Fix | Delete

$url = add_query_arg( $args, self::CHECK_URL );

[128] Fix | Delete

[129] Fix | Delete

$remote_request_args = array(

[130] Fix | Delete

'timeout' => '20',

[131] Fix | Delete

);

[132] Fix | Delete

[133] Fix | Delete

$response = wp_remote_get( $url, $remote_request_args );

[134] Fix | Delete

[135] Fix | Delete

if ( ! is_wp_error( $response ) ) {

[136] Fix | Delete

$body = wp_remote_retrieve_body( $response );

[137] Fix | Delete

[138] Fix | Delete

$check_key_response = json_decode( $body, true );

[139] Fix | Delete

[140] Fix | Delete

if ( empty( $check_key_response['license_data'] ) ) {

[141] Fix | Delete

[142] Fix | Delete

wp_send_json_error(

[143] Fix | Delete

array(

[144] Fix | Delete

'message' => esc_html( self::get_error_message( $check_key_response ) ),

[145] Fix | Delete

)

[146] Fix | Delete

);

[147] Fix | Delete

}

[148] Fix | Delete

[149] Fix | Delete

if ( ! empty( $check_key_response['license_data']['error'] ) ) {

[150] Fix | Delete

wp_send_json_error(

[151] Fix | Delete

array(

[152] Fix | Delete

'message' => self::get_error_message( $check_key_response ),

[153] Fix | Delete

)

[154] Fix | Delete

);

[155] Fix | Delete

}

[156] Fix | Delete

[157] Fix | Delete

if ( ! empty( $check_key_response['license_data']['error'] ) ) {

[158] Fix | Delete

wp_send_json_error(

[159] Fix | Delete

array(

[160] Fix | Delete

'message' => self::get_error_message( $check_key_response ),

[161] Fix | Delete

)

[162] Fix | Delete

);

[163] Fix | Delete

}

[164] Fix | Delete

[165] Fix | Delete

if ( $check_key_response['license_data']['license'] !== 'valid' ) {

[166] Fix | Delete

wp_send_json_error(

[167] Fix | Delete

array(

[168] Fix | Delete

'message' => self::get_error_message( $check_key_response ),

[169] Fix | Delete

)

[170] Fix | Delete

);

[171] Fix | Delete

}

[172] Fix | Delete

[173] Fix | Delete

$license_data = $check_key_response['license_data'];

[174] Fix | Delete

update_option( 'ctf_license_key', $license );

[175] Fix | Delete

update_option( 'ctf_license_data', $license_data );

[176] Fix | Delete

update_option( 'ctf_license_status', $license_data['license'] );

[177] Fix | Delete

[178] Fix | Delete

// Redirect.

[179] Fix | Delete

$oth = hash( 'sha512', wp_rand() );

[180] Fix | Delete

$hashed_oth = hash_hmac( 'sha512', $oth, wp_salt() );

[181] Fix | Delete

update_option( 'ctf_one_click_upgrade', $oth );

[182] Fix | Delete

$version = '1.0';

[183] Fix | Delete

$version_info = self::get_version_info( $license_data );

[184] Fix | Delete

$file = '';

[185] Fix | Delete

if ( isset( $version_info->package ) ) {

[186] Fix | Delete

$file = $version_info->package;

[187] Fix | Delete

}

[188] Fix | Delete

$siteurl = admin_url();

[189] Fix | Delete

$endpoint = admin_url( 'admin-ajax.php' );

[190] Fix | Delete

$redirect = admin_url( 'admin.php?page=' . self::REDIRECT );

[191] Fix | Delete

$url = add_query_arg(

[192] Fix | Delete

array(

[193] Fix | Delete

'key' => $license,

[194] Fix | Delete

'oth' => $hashed_oth,

[195] Fix | Delete

'endpoint' => $endpoint,

[196] Fix | Delete

'version' => $version,

[197] Fix | Delete

'siteurl' => $siteurl,

[198] Fix | Delete

'homeurl' => $home_url,

[199] Fix | Delete

'redirect' => rawurldecode( base64_encode( $redirect ) ),

[200] Fix | Delete

'file' => rawurldecode( base64_encode( $file ) ),

[201] Fix | Delete

'plugin_name' => self::NAME,

[202] Fix | Delete

),

[203] Fix | Delete

self::UPGRADE_URL

[204] Fix | Delete

);

[205] Fix | Delete

wp_send_json_success(

[206] Fix | Delete

array(

[207] Fix | Delete

'url' => $url,

[208] Fix | Delete

)

[209] Fix | Delete

);

[210] Fix | Delete

[211] Fix | Delete

}

[212] Fix | Delete

[213] Fix | Delete

wp_send_json_error( array( 'message' => esc_html__( 'Could not connect.', 'custom-twitter-feeds' ) ) );

[214] Fix | Delete

}

[215] Fix | Delete

[216] Fix | Delete

/**

[217] Fix | Delete

* Endpoint for one-click upgrade.

[218] Fix | Delete

*

[219] Fix | Delete

* @since 4.0

[220] Fix | Delete

*/

[221] Fix | Delete

public static function install_upgrade() {

[222] Fix | Delete

$error = esc_html__( 'Could not install upgrade. Please download from smashballoon.com and install manually.', 'custom-twitter-feeds' );

[223] Fix | Delete

// verify params present (oth & download link).

[224] Fix | Delete

$post_oth = ! empty( $_REQUEST['oth'] ) ? sanitize_text_field( $_REQUEST['oth'] ) : '';

[225] Fix | Delete

$post_url = ! empty( $_REQUEST['file'] ) ? $_REQUEST['file'] : '';

[226] Fix | Delete

[227] Fix | Delete

if ( empty( $post_oth ) || empty( $post_url ) ) {

[228] Fix | Delete

wp_send_json_error( $error );

[229] Fix | Delete

}

[230] Fix | Delete

// Verify oth.

[231] Fix | Delete

$oth = get_option( 'ctf_one_click_upgrade' );

[232] Fix | Delete

if ( empty( $oth ) ) {

[233] Fix | Delete

wp_send_json_error( $error );

[234] Fix | Delete

}

[235] Fix | Delete

[236] Fix | Delete

if ( hash_hmac( 'sha512', $oth, wp_salt() ) !== $post_oth ) {

[237] Fix | Delete

wp_send_json_error( $error );

[238] Fix | Delete

}

[239] Fix | Delete

[240] Fix | Delete

// Delete so cannot replay.

[241] Fix | Delete

delete_option( 'ctf_one_click_upgrade' );

[242] Fix | Delete

// Set the current screen to avoid undefined notices.

[243] Fix | Delete

set_current_screen( self::REDIRECT );

[244] Fix | Delete

// Prepare variables.

[245] Fix | Delete

$url = esc_url_raw(

[246] Fix | Delete

add_query_arg(

[247] Fix | Delete

array(

[248] Fix | Delete

'page' => self::REDIRECT,

[249] Fix | Delete

),

[250] Fix | Delete

admin_url( 'admin.php' )

[251] Fix | Delete

)

[252] Fix | Delete

);

[253] Fix | Delete

[254] Fix | Delete

// Verify pro not installed.

[255] Fix | Delete

$active = activate_plugin( self::SLUG, $url, false, true );

[256] Fix | Delete

if ( ! is_wp_error( $active ) ) {

[257] Fix | Delete

deactivate_plugins( plugin_basename( CTF_PLUGIN_DIR ) );

[258] Fix | Delete

wp_send_json_success( esc_html__( 'Plugin installed & activated.', 'custom-twitter-feeds' ) );

[259] Fix | Delete

}

[260] Fix | Delete

[261] Fix | Delete

$creds = request_filesystem_credentials( $url, '', false, false, null );

[262] Fix | Delete

// Check for file system permissions.

[263] Fix | Delete

if ( false === $creds ) {

[264] Fix | Delete

wp_send_json_error( $error );

[265] Fix | Delete

}

[266] Fix | Delete

if ( ! WP_Filesystem( $creds ) ) {

[267] Fix | Delete

wp_send_json_error( $error );

[268] Fix | Delete

}

[269] Fix | Delete

[270] Fix | Delete

// We do not need any extra credentials if we have gotten this far, so let's install the plugin.

[271] Fix | Delete

$license = get_option( 'ctf_license_key' );

[272] Fix | Delete

if ( empty( $license ) ) {

[273] Fix | Delete

wp_send_json_error( new \WP_Error( '403', esc_html__( 'You are not licensed.', 'custom-twitter-feeds' ) ) );

[274] Fix | Delete

}

[275] Fix | Delete

[276] Fix | Delete

// Do not allow WordPress to search/download translations, as this will break JS output.

[277] Fix | Delete

remove_action( 'upgrader_process_complete', array( 'Language_Pack_Upgrader', 'async_upgrade' ), 20 );

[278] Fix | Delete

// Create the plugin upgrader with our custom skin.

[279] Fix | Delete

require_once trailingslashit( CTF_PLUGIN_DIR ) . 'inc/Admin/PluginSilentUpgrader.php';

[280] Fix | Delete

require_once trailingslashit( CTF_PLUGIN_DIR ) . 'inc/Admin/PluginSilentUpgraderSkin.php';

[281] Fix | Delete

require_once trailingslashit( CTF_PLUGIN_DIR ) . 'inc/Admin/class-install-skin.php';

[282] Fix | Delete

$installer = new \CTF\Helpers\PluginSilentUpgrader( new \CTF_Install_Skin() );

[283] Fix | Delete

[284] Fix | Delete

// Error check.

[285] Fix | Delete

if ( ! method_exists( $installer, 'install' ) || empty( $post_url ) ) {

[286] Fix | Delete

wp_send_json_error( $error );

[287] Fix | Delete

}

[288] Fix | Delete

[289] Fix | Delete

$license_data = get_option( 'ctf_license_data' );

[290] Fix | Delete

[291] Fix | Delete

if ( ! empty( $license_data ) ) {

[292] Fix | Delete

$version_info = self::get_version_info( $license_data );

[293] Fix | Delete

$file = '';

[294] Fix | Delete

if ( isset( $version_info->package ) ) {

[295] Fix | Delete

$file = $version_info->package;

[296] Fix | Delete

}

[297] Fix | Delete

} else {

[298] Fix | Delete

wp_send_json_error( new \WP_Error( '403', esc_html__( 'You are not licensed.', 'custom-twitter-feeds' ) ) );

[299] Fix | Delete

}

[300] Fix | Delete

[301] Fix | Delete

if ( ! empty( $file ) ) {

[302] Fix | Delete

[303] Fix | Delete

$installer->install( $file ); // phpcs:ignore

[304] Fix | Delete

// Check license key.

[305] Fix | Delete

// Flush the cache and return the newly installed plugin basename.

[306] Fix | Delete

wp_cache_flush();

[307] Fix | Delete

[308] Fix | Delete

$plugin_basename = $installer->plugin_info();

[309] Fix | Delete

[310] Fix | Delete

if ( $plugin_basename ) {

[311] Fix | Delete

deactivate_plugins( plugin_basename( CTF_PLUGIN_BASENAME ), true );

[312] Fix | Delete

[313] Fix | Delete

// Activate the plugin silently.

[314] Fix | Delete

$activated = activate_plugin( $plugin_basename );

[315] Fix | Delete

[316] Fix | Delete

if ( ! is_wp_error( $activated ) ) {

[317] Fix | Delete

wp_send_json_success( esc_html__( 'Plugin installed & activated.', 'custom-twitter-feeds' ) );

[318] Fix | Delete

} else {

[319] Fix | Delete

// Reactivate the lite plugin if pro activation failed.

[320] Fix | Delete

$activated = activate_plugin( plugin_basename( CTF_PLUGIN_BASENAME ), '', false, true );

[321] Fix | Delete

wp_send_json_error( esc_html__( 'Pro version installed but needs to be activated from the Plugins page inside your WordPress admin.', 'custom-twitter-feeds' ) );

[322] Fix | Delete

}

[323] Fix | Delete

}

[324] Fix | Delete

}

[325] Fix | Delete

[326] Fix | Delete

wp_send_json_error( $error );

[327] Fix | Delete

}

[328] Fix | Delete

[329] Fix | Delete

/**

[330] Fix | Delete

* Whether or not it's likely to be a reachable URL for upgrade

[331] Fix | Delete

*

[332] Fix | Delete

* @param string $url

[333] Fix | Delete

*

[334] Fix | Delete

* @return bool

[335] Fix | Delete

*

[336] Fix | Delete

* @since 4.0

[337] Fix | Delete

*/

[338] Fix | Delete

public static function is_dev_url( $url = '' ) {

[339] Fix | Delete

$is_local_url = false;

[340] Fix | Delete

// Trim it up

[341] Fix | Delete

$url = strtolower( trim( $url ) );

[342] Fix | Delete

// Need to get the host...so let's add the scheme so we can use parse_url

[343] Fix | Delete

if ( false === strpos( $url, 'http://' ) && false === strpos( $url, 'https://' ) ) {

[344] Fix | Delete

$url = 'http://' . $url;

[345] Fix | Delete

}

[346] Fix | Delete

$url_parts = parse_url( $url );

[347] Fix | Delete

$host = ! empty( $url_parts['host'] ) ? $url_parts['host'] : false;

[348] Fix | Delete

if ( ! empty( $url ) && ! empty( $host ) ) {

[349] Fix | Delete

if ( false !== ip2long( $host ) ) {

[350] Fix | Delete

if ( ! filter_var( $host, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE ) ) {

[351] Fix | Delete

$is_local_url = true;

[352] Fix | Delete

}

[353] Fix | Delete

} elseif ( 'localhost' === $host ) {

[354] Fix | Delete

$is_local_url = true;

[355] Fix | Delete

}

[356] Fix | Delete

[357] Fix | Delete

$tlds_to_check = array( '.local', ':8888', ':8080', ':8081', '.invalid', '.example', '.test' );

[358] Fix | Delete

foreach ( $tlds_to_check as $tld ) {

[359] Fix | Delete

if ( false !== strpos( $host, $tld ) ) {

[360] Fix | Delete

$is_local_url = true;

[361] Fix | Delete

break;

[362] Fix | Delete

}

[363] Fix | Delete

}

[364] Fix | Delete

if ( substr_count( $host, '.' ) > 1 ) {

[365] Fix | Delete

$subdomains_to_check = array();

[366] Fix | Delete

foreach ( $subdomains_to_check as $subdomain ) {

[367] Fix | Delete

$subdomain = str_replace( '.', '(.)', $subdomain );

[368] Fix | Delete

$subdomain = str_replace( array( '*', '(.)' ), '(.*)', $subdomain );

[369] Fix | Delete

if ( preg_match( '/^(' . $subdomain . ')/', $host ) ) {

[370] Fix | Delete

$is_local_url = true;

[371] Fix | Delete

break;

[372] Fix | Delete

}

[373] Fix | Delete

}

[374] Fix | Delete

}

[375] Fix | Delete

}

[376] Fix | Delete

return $is_local_url;

[377] Fix | Delete

}

[378] Fix | Delete

[379] Fix | Delete

/**

[380] Fix | Delete

* Handle API Response and check for an error.

[381] Fix | Delete

*

[382] Fix | Delete

* @param array $response

[383] Fix | Delete

*

[384] Fix | Delete

* @return string

[385] Fix | Delete

*

[386] Fix | Delete

* @since 4.0

[387] Fix | Delete

*/

[388] Fix | Delete

public static function get_error_message( $response ) {

[389] Fix | Delete

$message = '';

[390] Fix | Delete

if ( isset( $response['error'] ) ) {

[391] Fix | Delete

$error = sanitize_text_field( $response['error'] );

[392] Fix | Delete

switch ( $error ) {

[393] Fix | Delete

case 'expired':

[394] Fix | Delete

$message = __( 'This license is expired.', 'custom-twitter-feeds' );

[395] Fix | Delete

break;

[396] Fix | Delete

default:

[397] Fix | Delete

$message = __( 'We encountered a problem unlocking the PRO features. Please install the PRO version manually.', 'custom-twitter-feeds' );

[398] Fix | Delete

}

[399] Fix | Delete

}

[400] Fix | Delete

[401] Fix | Delete

return $message;

[402] Fix | Delete

}

[403] Fix | Delete

[404] Fix | Delete

}

[405] Fix | Delete

[406] Fix | Delete