laipower/wp-content/plugins/easy-digital-downloads/includes/utils/class-tokenizer.php

<?php
/**
 * Tokenizer
 *
 * A class for generating tokens as an alternative to nonce verification.
 * This is designed to work a little better with full page caching.
 *
 * @package   easy-digital-downloads
 * @copyright Copyright (c) 2021, Sandhills Development, LLC
 * @license   GPL2+
 * @since     2.11
 */

namespace EDD\Utils;

class Tokenizer {

	/**
	 * @var mixed Data to tokenize.
	 */
	private $data;

	/**
	 * Tokenizer constructor.
	 *
	 * @param string|int|float $data Data to be tokenized.
	 */
	public function __construct( $data ) {
		$this->data = $data;
	}

	/**
	 * Retrieves the signing key.
	 *
	 * @since 2.11
	 *
	 * @return string
	 */
	private function get_signing_key() {
		$key = get_option( 'edd_tokenizer_signing_key' );
		if ( empty( $key ) ) {
			$key = $this->generate_and_save_signing_key();
		}

		return $key;
	}

	/**
	 * Generates and saves a new signing key.
	 *
	 * @since 2.11
	 *
	 * @return string
	 */
	private function generate_and_save_signing_key() {
		if ( function_exists( 'random_bytes' ) ) {
			try {
				$key = bin2hex( random_bytes( 32 ) );
			} catch ( \Exception $e ) {
				// If this failed for some reason, we'll generate using the fallback below.
			}
		}

		if ( empty( $key ) ) {
			$key = function_exists( 'openssl_random_pseudo_bytes' ) ? bin2hex( openssl_random_pseudo_bytes( 32 ) ) : md5( uniqid() );
		}

		update_option( 'edd_tokenizer_signing_key', $key );

		return $key;
	}

	/**
	 * Generates a token from the data.
	 *
	 * @since 2.11
	 *
	 * @return string|false
	 */
	public function generate_token() {
		return hash_hmac( 'sha256', $this->data, $this->get_signing_key() );
	}

	/**
	 * Determines whether or not the supplied token is valid for the
	 * supplied data.
	 *
	 * @since 2.11
	 *
	 * @param string           $token Token to check.
	 * @param string|int|float $data  Data that's been tokenized.
	 *
	 * @return bool
	 */
	public static function is_token_valid( $token, $data ) {
		$real_token = self::tokenize( $data );

		return hash_equals( $token, $real_token );
	}

	/**
	 * Generates a token for the supplied data.
	 *
	 * @since 2.11
	 *
	 * @param string|int|float $data
	 *
	 * @return string|false
	 */
	public static function tokenize( $data ) {
		if ( is_array( $data ) ) {
			$data = json_encode( $data );
		}

		$generator = new Tokenizer( $data );

		return $generator->generate_token();
	}

}
installed plugin `Easy Digital Downloads` version 3.1.0.3 2022-11-27 15:03:07 +00:00			`<?php`
			`/**`
			`* Tokenizer`
			`*`
			`* A class for generating tokens as an alternative to nonce verification.`
			`* This is designed to work a little better with full page caching.`
			`*`
			`* @package easy-digital-downloads`
			`* @copyright Copyright (c) 2021, Sandhills Development, LLC`
			`* @license GPL2+`
			`* @since 2.11`
			`*/`

			`namespace EDD\Utils;`

			`class Tokenizer {`

			`/**`
			`* @var mixed Data to tokenize.`
			`*/`
			`private $data;`

			`/**`
			`* Tokenizer constructor.`
			`*`
			`* @param string\|int\|float $data Data to be tokenized.`
			`*/`
			`public function __construct( $data ) {`
			`$this->data = $data;`
			`}`

			`/**`
			`* Retrieves the signing key.`
			`*`
			`* @since 2.11`
			`*`
			`* @return string`
			`*/`
			`private function get_signing_key() {`
			`$key = get_option( 'edd_tokenizer_signing_key' );`
			`if ( empty( $key ) ) {`
			`$key = $this->generate_and_save_signing_key();`
			`}`

			`return $key;`
			`}`

			`/**`
			`* Generates and saves a new signing key.`
			`*`
			`* @since 2.11`
			`*`
			`* @return string`
			`*/`
			`private function generate_and_save_signing_key() {`
			`if ( function_exists( 'random_bytes' ) ) {`
			`try {`
			`$key = bin2hex( random_bytes( 32 ) );`
			`} catch ( \Exception $e ) {`
			`// If this failed for some reason, we'll generate using the fallback below.`
			`}`
			`}`

			`if ( empty( $key ) ) {`
			`$key = function_exists( 'openssl_random_pseudo_bytes' ) ? bin2hex( openssl_random_pseudo_bytes( 32 ) ) : md5( uniqid() );`
			`}`

			`update_option( 'edd_tokenizer_signing_key', $key );`

			`return $key;`
			`}`

			`/**`
			`* Generates a token from the data.`
			`*`
			`* @since 2.11`
			`*`
			`* @return string\|false`
			`*/`
			`public function generate_token() {`
			`return hash_hmac( 'sha256', $this->data, $this->get_signing_key() );`
			`}`

			`/**`
			`* Determines whether or not the supplied token is valid for the`
			`* supplied data.`
			`*`
			`* @since 2.11`
			`*`
			`* @param string $token Token to check.`
			`* @param string\|int\|float $data Data that's been tokenized.`
			`*`
			`* @return bool`
			`*/`
			`public static function is_token_valid( $token, $data ) {`
			`$real_token = self::tokenize( $data );`

			`return hash_equals( $token, $real_token );`
			`}`

			`/**`
			`* Generates a token for the supplied data.`
			`*`
			`* @since 2.11`
			`*`
			`* @param string\|int\|float $data`
			`*`
			`* @return string\|false`
			`*/`
			`public static function tokenize( $data ) {`
			`if ( is_array( $data ) ) {`
			`$data = json_encode( $data );`
			`}`

			`$generator = new Tokenizer( $data );`

			`return $generator->generate_token();`
			`}`

			`}`