kawaiipunk/laipower
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

modified file enshrined

Browse Source
This commit is contained in:
KawaiiPunk
2024-07-19 19:46:16 +00:00
committed by Gitium
parent 39ec06fbc1
commit 51937c2f57
856 changed files with 3722 additions and 180872 deletions
Download Patch File Download Diff File Expand all files Collapse all files

242
wp-content/upgrade-temp-backup/plugins/jetpack-protect/CHANGELOG.md
View File

@ -1,242 +0,0 @@
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## 2.1.0 - 2024-04-10
### Added
- Add data to WAF logs and add toggle for users to opt-in to share more data with us if needed. [#36377]
- Added firewall standalone mode indicator. [#34840]
- Added onboarding flows. [#34649]
### Changed
- General: indicate compatibility with the upcoming version of WordPress, 6.5. [#35820]
- Updated package dependencies. [#36325]
- Updated package lockfile. [#35672]
- Use blog ID instead of site slug in checkout links. [#35004]
### Fixed
- Jetpack Protect footer: Ensured that links to the cloud and the promotion around it are not shown if you are on a platform where the firewall is not supported. [#36794]
- Prevent text orphans in the site scanning header. [#35935]
## 2.0.0 - 2024-01-18
### Changed
- Firewall: use datetime versioning for rules file updates. [#34698]
- General: unify display of notifications across Scan and Firewall screens [#34702]
- General: indicate full compatibility with the latest version of WordPress, 6.4. [#33776]
- General: update PHP requirement to PHP 7.0+ [#34126]
- General: update WordPress version requirements to WordPress 6.3. [#34127]
- General: update package dependencies. [#34882]
- General: update lockfile. [#33607]
### Fixed
- Fix Modal component overflow scrolling. [#34475]
- Fix Popover component styling. [#34424]
- Improved helper script installer logging. [#34297]
## 1.4.2 - 2023-10-19
### Changed
- General: update WordPress version requirements to WordPress 6.2. [#32762] [#32772]
- Updated Jetpack submenu sort order so individual features are alpha-sorted. [#32958]
- Updated method used to render Connection initial state. [#32499]
- Updated package dependencies. [#33692]
## 1.4.1 - 2023-07-18
### Changed
- Brute Force Protection: add access to feature in environments that otherwise do not support the WAF. [#31952]
- General: indicate full compatibility with the latest version of WordPress, 6.3. [#31910]
- Update WordPress version requirements. Now requires version 6.1. [#30120]
- Update package dependencies. [#31952]
### Fixed
- Scan: Fixed sorting of threats by severity. [#31124]
- License Activation: add filtering for unattached and unrevoked licenses within upgrade flow check. [#31086]
## 1.4.0 - 2023-05-05
### Added
- Add brute force protection. [#28401]
### Changed
- General: indicate full compatibility with the latest version of WordPress, 6.2. [#29341]
- Improve the firewall status heading to provide more information based on the current configuration. [#28401]
- Updated package dependencies. [#29480]
## 1.3.0 - 2023-03-13
### Added
- Add ability to toggle automatic and manual firewall rules independently. [#27726]
- Add improved messaging for currently enabled firewall features. [#27845]
- Disable Jetpack Firewall on unsupported environments. [#27939]
- Add link to pricing page for getting started with an existing plan or license key. [#27745]
### Changed
- Updated package dependencies. [#29297]
- Update to React 18. [#28710]
- Use `flex-start`/`flex-end` instead of `start`/`end` for better browser compatibility. [#28530]
### Fixed
- Fix connection button loading indicators. [#28514]
- Fix Protect status report caching. [#28766]
- Remove unnecessary full path from example in UI. [#29037]
- Other assorted fixes for minor bugs and grammar. [#27846] [#28091] [#28397] [#28273]
## 1.2.0 - 2023-01-16
### Added
- Add web application firewall (WAF) features [#27528]
- Add progress bar to site scannnig screen [#27171]
### Fixed
- Poll for scan status while scanner is provisioning [#28275]
- Bug fixes
## 1.1.2 - 2022-11-30
### Changed
- changed description and author [#27618]
- Updated package dependencies. [#27043]
## 1.1.1 - 2022-11-18
### Fixed
- Fix issue with plugin activation.
## 1.1.0 - 2022-11-17
### Added
- Add features for paid Jetpack Scan users, including file and database threats, on-demand scanning, and threat auto-fixers.
### Changed
- Compatibility: WordPress 6.1 compatibility
### Fixed
- Adjust alignment of spinner icon and loading text on the in-progress scan screen.
## 1.0.4 - 2022-08-29
### Fixed
- Fixed NaN error that prevented the pricing interstitial from rendering.
## 1.0.3 - 2022-08-26
### Added
- Added a default 'See all results' label to the mobile navigation button.
- Added a spinner to the in progress scan page in admin
- Added JITM functionality
- Added threat descriptions.
- My Jetpack includes JITMs
### Changed
- Add condition to check plugin activation context before redirecting
### Fixed
- Fixed alignment of long navigation item labels on mobile screen sizes.
## 1.0.2 - 2022-07-27
### Changed
- Updated package dependencies.
### Fixed
- Fix protect admin toolbar icon display when Jetpack enabled and connected
- Minor bug fix - added isset() checks for report data properties
## 1.0.1 - 2022-07-07
### Added
- Added two new FAQ entries
- Protect: record even just after the site is registered
### Changed
- Moved normalization of the Protect status report data to the server side.
- Renamed `master` references to `trunk`
- Reorder JS imports for `import/order` eslint rule.
### Fixed
- Fixed bug that would not display Core vulnerabilities.
- Removed legacy code and documentation and adds new docs for the debug helper plugin.
- Fixed recommendation for plugins that don't have a fix yet
- Protect: Fix visual issue of the Interstitial page
## 1.0.0 - 2022-05-31
### Added
- Add additional tracking events
- Add Alert icon to the error admin page
- Add checks to the Site Health page
- Add custom hook to handle viewport sizes via CSS
- Add error message when adding plugin fails
- Add first approach of Interstitial page
- Add Jetpack Scan to promotion section when site doesn't have Security bundle
- Add missing prop-types module dependency
- Add Navigation dropdown mode and use it for small/medium screens
- Add ProductOffer component
- Add product offer component
- Add title and redirect for vul at wpscan
- Add 'get themes' to synced callables in Protect
- Add installedThemes to the initial state
- Add notifications to the menu item and the admin bar
- Add status polling to the Protect admin page.
- Added details to the FAQ question on how Jetpack Protect is different from other Jetpack products.
- Added Jetpack Protect readme file for the plugin listing.
- Added option to display terms of service below product activation button.
- Added Social card to My Jetpack.
- Added the list of installed plugins to the initial state
- Change ConnectScreen by the Interstitial component
- Creates Status Class
- Empty state screen
- Expose and use IconsCard component
- Flush cache on plugin deactivation
- Footer component
- Handle error in the UI
- Hooks on plugin activation and deactivation
- Hook to read data from the initial state
- Implement Footer
- Implement Add Security bundle workflow
- Introduce Accordion component
- Introduce Navigation component
- Introduce Summary component
- Introduce VulnerabilitiesList component
- JS Components: Introduce Alert component. Add error to ProductOffer components
- More options to the testing api responses
- Record admin page-view and get security from footer events
- Render Security component with data provided by wpcom
- Request and expose to the client the Security bundle data
- Update logo
### Changed
- Add empty state for no vuls
- Add popover at Badge
- Cache empty statuses for a short period of time
- Changed connection screen to the one that does not require a product
- Changed the method used to disconnect
- Changed the wording for the initial screen.
- Change expiration time of plugin cache
- Clean connection data. Update to latest connection API
- Configure Sync to only what we need to sync
- Janitorial: require a more recent version of WordPress now that WP 6.0 is coming out.
- JS Components: Add subTitle prop to ProductOffer component
- JS Components: iterate over Dialog component
- Improve Dialog layout in medium viewport size
- Move VulnerabilitiesList to section hero
- New VulsList
- Redesign Summary component
- Re-implement "Your results will be ready soon" layout
- Re-implement Admin page by using Dialog component
- Remove use of `pnpx` in preparation for pnpm 7.0.
- Replace deprecated external-link variation by using isExternalLink prop
- Require only site level connection
- Truncate items at NavigationGroup
- Tweak footer
- Update Footer and VulsList for small/medium viewport
- Update Navigation to be external controlled
- Update Protect icon
- Update VulnerabilitiesList to remove severity and add fixed in
- Updated package dependencies.
- Update package.json metadata.
- Updates CTA wording to reduce confusion when user already has Jetpack Security Bundle which includes Jetpack Scan
- Update the Status when connection is established
- Use data provided by My Jetpack to render Product offer
- Use weight Button prop to style the "learn more" footer link
- Use a different copy when there are no found vulnerabilities but there are still some unchecked items
### Removed
- Removed Full Sync from loaded modules as Full Sync Immediately is present by default now
### Fixed
- Adjust spacing and overflow properties of the navigation labels to improve display of long names.
- Fix Connectino initialization
- Fix fatal when checking whether site site has vuls
- Fix right margin in primary layout

357
wp-content/upgrade-temp-backup/plugins/jetpack-protect/LICENSE.txt
View File

@ -1,357 +0,0 @@
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
===================================
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.

47
wp-content/upgrade-temp-backup/plugins/jetpack-protect/SECURITY.md
View File

@ -1,47 +0,0 @@
# Security Policy
Full details of the Automattic Security Policy can be found on [automattic.com](https://automattic.com/security/).
## Supported Versions
Generally, only the latest version of Jetpack and its associated plugins have continued support. If a critical vulnerability is found in the current version of a plugin, we may opt to backport any patches to previous versions.
## Reporting a Vulnerability
Our HackerOne program covers the below plugin software, as well as a variety of related projects and infrastructure:
* [Jetpack](https://jetpack.com/)
* Jetpack Backup
* Jetpack Boost
* Jetpack CRM
* Jetpack Protect
* Jetpack Search
* Jetpack Social
* Jetpack VideoPress
**For responsible disclosure of security issues and to be eligible for our bug bounty program, please submit your report via the [HackerOne](https://hackerone.com/automattic) portal.**
Our most critical targets are:
* Jetpack and the Jetpack composer packages (all within this repo)
* Jetpack.com -- the primary marketing site.
* cloud.jetpack.com -- a management site.
* wordpress.com -- the shared management site for both Jetpack and WordPress.com sites.
For more targets, see the `In Scope` section on [HackerOne](https://hackerone.com/automattic).
_Please note that the **WordPress software is a separate entity** from Automattic. Please report vulnerabilities for WordPress through [the WordPress Foundation's HackerOne page](https://hackerone.com/wordpress)._
## Guidelines
We're committed to working with security researchers to resolve the vulnerabilities they discover. You can help us by following these guidelines:
* Follow [HackerOne's disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).
* Pen-testing Production:
* Please **setup a local environment** instead whenever possible. Most of our code is open source (see above).
* If that's not possible, **limit any data access/modification** to the bare minimum necessary to reproduce a PoC.
* **_Don't_ automate form submissions!** That's very annoying for us, because it adds extra work for the volunteers who manage those systems, and reduces the signal/noise ratio in our communication channels.
* To be eligible for a bounty, all of these guidelines must be followed.
* Be Patient - Give us a reasonable time to correct the issue before you disclose the vulnerability.
We also expect you to comply with all applicable laws. You're responsible to pay any taxes associated with your bounties.

BIN
wp-content/upgrade-temp-backup/plugins/jetpack-protect/assets/fonts/jetpack-protect.eot
View File

Binary file not shown.

11
wp-content/upgrade-temp-backup/plugins/jetpack-protect/assets/fonts/jetpack-protect.svg
View File

@ -1,11 +0,0 @@
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" >
<svg xmlns="http://www.w3.org/2000/svg">
<metadata>Generated by IcoMoon</metadata>
<defs>
<font id="jetpack-protect" horiz-adv-x="1024">
<font-face units-per-em="1024" ascent="960" descent="-64" />
<missing-glyph horiz-adv-x="1024" />
<glyph unicode="&#x20;" horiz-adv-x="512" d="" />
<glyph unicode="&#xe900;" glyph-name="protect" d="M891.73 737.552l-376.745 171.248-376.744-171.248v-255.284c0-217.615 139.767-423.66 336.854-488.663 25.898-8.54 53.883-8.54 79.78 0 197.089 65.004 336.855 271.048 336.855 488.663v255.284zM221.962 482.268v201.375l293.023 133.193 293.023-133.193v-201.375c0-184.909-119.726-356.506-279.357-409.155-8.863-2.924-18.465-2.924-27.333 0-159.627 52.649-279.355 224.246-279.355 409.155zM547.958 377.569h-65.252l-6.214 248.056h77.682l-6.216-248.056zM557.537 289.531c0-22.784-18.642-40.648-42.204-40.648-23.564 0-42.207 17.864-42.207 40.648 0 22.789 18.643 40.653 42.207 40.653 23.562 0 42.204-17.864 42.204-40.653z" />
</font></defs></svg>
Side by Side

Before

Width:  |  Height:  |  Size: 1.1 KiB

BIN
wp-content/upgrade-temp-backup/plugins/jetpack-protect/assets/fonts/jetpack-protect.ttf
View File

Binary file not shown.

BIN
wp-content/upgrade-temp-backup/plugins/jetpack-protect/assets/fonts/jetpack-protect.woff
View File

Binary file not shown.

30
wp-content/upgrade-temp-backup/plugins/jetpack-protect/assets/jetpack-protect.css
View File

@ -1,30 +0,0 @@
@font-face {
font-family: 'jetpack-protect';
src: url('fonts/jetpack-protect.eot?31wpn');
src: url('fonts/jetpack-protect.eot?31wpn#iefix') format('embedded-opentype'),
url('fonts/jetpack-protect.ttf?31wpn') format('truetype'),
url('fonts/jetpack-protect.woff?31wpn') format('woff'),
url('fonts/jetpack-protect.svg?31wpn#jetpack-protect') format('svg');
font-weight: normal;
font-style: normal;
font-display: block;
}
[class^="jp-protect-icon"], [class*=" jp-protect-icon"] {
/* use !important to prevent issues with browser extensions that change fonts */
font-family: 'jetpack-protect' !important;
speak: never;
font-style: normal;
font-weight: normal;
font-variant: normal;
text-transform: none;
line-height: 1;
/* Better Font Rendering =========== */
-webkit-font-smoothing: antialiased;
-moz-osx-font-smoothing: grayscale;
}
.jp-protect-icon:before {
content: "\e900";
}

BIN
wp-content/upgrade-temp-backup/plugins/jetpack-protect/build/images/in-progress-db145d62b5ef09c05ad7.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 15 KiB

1
wp-content/upgrade-temp-backup/plugins/jetpack-protect/build/index.asset.php
View File

@ -1 +0,0 @@
<?php return array('dependencies' => array('moment', 'react', 'wp-api-fetch', 'wp-components', 'wp-compose', 'wp-data', 'wp-date', 'wp-element', 'wp-i18n', 'wp-polyfill', 'wp-primitives', 'wp-url'), 'version' => 'c12994dcc943f0a86ea0');

1
wp-content/upgrade-temp-backup/plugins/jetpack-protect/build/index.css
View File

File diff suppressed because one or more lines are too long

48
wp-content/upgrade-temp-backup/plugins/jetpack-protect/build/index.js
View File

File diff suppressed because one or more lines are too long

35
wp-content/upgrade-temp-backup/plugins/jetpack-protect/build/index.js.LICENSE.txt
View File

@ -1,35 +0,0 @@
/*
* Exposes number format capability
*
* @copyright Copyright (c) 2013 Kevin van Zonneveld (http://kvz.io) and Contributors (http://phpjs.org/authors).
* @license See CREDITS.md
* @see https://github.com/kvz/phpjs/blob/ffe1356af23a6f2512c84c954dd4e828e92579fa/functions/strings/number_format.js
*/
/*!
Copyright (c) 2018 Jed Watson.
Licensed under the MIT License (MIT), see
http://jedwatson.github.io/classnames
*/
/**
* React Router DOM v6.2.2
*
* Copyright (c) Remix Software Inc.
*
* This source code is licensed under the MIT license found in the
* LICENSE.md file in the root directory of this source tree.
*
* @license MIT
*/
/**
* React Router v6.2.2
*
* Copyright (c) Remix Software Inc.
*
* This source code is licensed under the MIT license found in the
* LICENSE.md file in the root directory of this source tree.
*
* @license MIT
*/

1
wp-content/upgrade-temp-backup/plugins/jetpack-protect/build/index.rtl.css
View File

File diff suppressed because one or more lines are too long

76
wp-content/upgrade-temp-backup/plugins/jetpack-protect/composer.json
View File

@ -1,76 +0,0 @@
{
"name": "automattic/jetpack-protect",
"description": "Social plugin",
"type": "wordpress-plugin",
"license": "GPL-2.0-or-later",
"require": {
"ext-json": "*",
"automattic/jetpack-assets": "^2.1.4",
"automattic/jetpack-admin-ui": "^0.4.1",
"automattic/jetpack-autoloader": "^3.0.3",
"automattic/jetpack-composer-plugin": "^2.0.1",
"automattic/jetpack-config": "^2.0.1",
"automattic/jetpack-identity-crisis": "^0.17.3",
"automattic/jetpack-my-jetpack": "^4.17.0",
"automattic/jetpack-plugins-installer": "^0.3.2",
"automattic/jetpack-sync": "^2.10.1",
"automattic/jetpack-transport-helper": "^0.2.2",
"automattic/jetpack-plans": "^0.4.3",
"automattic/jetpack-waf": "^0.16.0.1",
"automattic/jetpack-status": "^2.1.2"
},
"require-dev": {
"yoast/phpunit-polyfills": "1.1.0",
"automattic/jetpack-changelogger": "^4.1.1",
"automattic/wordbless": "0.4.2"
},
"autoload": {
"classmap": [
"src/"
]
},
"scripts": {
"phpunit": [
"./vendor/phpunit/phpunit/phpunit --colors=always"
],
"test-php": [
"@composer phpunit"
],
"build-development": [
"pnpm run build"
],
"build-production": [
"pnpm run build-production-concurrently"
],
"watch": [
"Composer\\Config::disableProcessTimeout",
"pnpm run watch"
],
"post-install-cmd": "WorDBless\\Composer\\InstallDropin::copy",
"post-update-cmd": "WorDBless\\Composer\\InstallDropin::copy"
},
"repositories": [],
"minimum-stability": "dev",
"prefer-stable": true,
"extra": {
"mirror-repo": "Automattic/jetpack-protect-plugin",
"autorelease": true,
"autotagger": {
"v": false
},
"release-branch-prefix": "protect",
"wp-plugin-slug": "jetpack-protect",
"wp-svn-autopublish": true,
"version-constants": {
"JETPACK_PROTECT_VERSION": "jetpack-protect.php"
}
},
"config": {
"allow-plugins": {
"roots/wordpress-core-installer": true,
"automattic/jetpack-autoloader": true,
"automattic/jetpack-composer-plugin": true
},
"autoloader-suffix": "c4802e05bbcf59fd3b6350e8d3e5482c_protectⓥ2_1_0"
}
}

123
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack-protect.php
View File

@ -1,123 +0,0 @@
<?php
/**
* Plugin Name: Jetpack Protect
* Plugin URI: https://wordpress.org/plugins/jetpack-protect
* Description: Security tools that keep your site safe and sound, from posts to plugins.
* Version: 2.1.0
* Author: Automattic - Jetpack Security team
* Author URI: https://jetpack.com/protect/
* License: GPLv2 or later
* Text Domain: jetpack-protect
*
* @package automattic/jetpack-protect
*/
/*
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
if ( ! defined( 'ABSPATH' ) ) {
exit;
}
define( 'JETPACK_PROTECT_VERSION', '2.1.0' );
define( 'JETPACK_PROTECT_DIR', plugin_dir_path( __FILE__ ) );
define( 'JETPACK_PROTECT_ROOT_FILE', __FILE__ );
define( 'JETPACK_PROTECT_ROOT_FILE_RELATIVE_PATH', plugin_basename( __FILE__ ) );
define( 'JETPACK_PROTECT_SLUG', 'jetpack-protect' );
define( 'JETPACK_PROTECT_NAME', 'Jetpack Protect' );
define( 'JETPACK_PROTECT_URI', 'https://jetpack.com/jetpack-protect' );
define( 'JETPACK_PROTECT_FOLDER', dirname( plugin_basename( __FILE__ ) ) );
define( 'JETPACK_PROTECT_BASE_PLUGIN_URL', plugin_dir_url( __FILE__ ) );
// Jetpack Autoloader.
$jetpack_autoloader = JETPACK_PROTECT_DIR . 'vendor/autoload_packages.php';
if ( is_readable( $jetpack_autoloader ) ) {
require_once $jetpack_autoloader;
if ( method_exists( \Automattic\Jetpack\Assets::class, 'alias_textdomains_from_file' ) ) {
\Automattic\Jetpack\Assets::alias_textdomains_from_file( JETPACK_PROTECT_DIR . 'jetpack_vendor/i18n-map.php' );
}
} else { // Something very unexpected. Error out gently with an admin_notice and exit loading.
if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {
error_log( // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_error_log
__( 'Error loading autoloader file for Jetpack Protect plugin', 'jetpack-protect' )
);
}
add_action(
'admin_notices',
function () {
?>
<div class="notice notice-error is-dismissible">
<p>
<?php
printf(
wp_kses(
/* translators: Placeholder is a link to a support document. */
__( 'Your installation of Jetpack Protect is incomplete. If you installed Jetpack Protect from GitHub, please refer to <a href="%1$s" target="_blank" rel="noopener noreferrer">this document</a> to set up your development environment. Jetpack Protect must have Composer dependencies installed and built via the build command.', 'jetpack-protect' ),
array(
'a' => array(
'href' => array(),
'target' => array(),
'rel' => array(),
),
)
),
'https://github.com/Automattic/jetpack/blob/trunk/docs/development-environment.md#building-your-project'
);
?>
</p>
</div>
<?php
}
);
return;
}
// Redirect to plugin page when the plugin is activated.
add_action( 'activated_plugin', 'jetpack_protect_plugin_activation' );
/**
* Redirects to plugin page when the plugin is activated
*
* @param string $plugin Path to the plugin file relative to the plugins directory.
*/
function jetpack_protect_plugin_activation( $plugin ) {
if (
JETPACK_PROTECT_ROOT_FILE_RELATIVE_PATH === $plugin &&
\Automattic\Jetpack\Plugins_Installer::is_current_request_activating_plugin_from_plugins_screen( JETPACK_PROTECT_ROOT_FILE_RELATIVE_PATH )
) {
wp_safe_redirect( esc_url( admin_url( 'admin.php?page=jetpack-protect' ) ) );
exit;
}
}
// Add "Settings" link to plugins page.
add_filter(
'plugin_action_links_' . JETPACK_PROTECT_FOLDER . '/jetpack-protect.php',
function ( $actions ) {
$settings_link = '<a href="' . esc_url( admin_url( 'admin.php?page=jetpack-protect' ) ) . '">' . __( 'Dashboard', 'jetpack-protect' ) . '</a>';
array_unshift( $actions, $settings_link );
return $actions;
}
);
register_activation_hook( __FILE__, array( 'Jetpack_Protect', 'plugin_activation' ) );
register_deactivation_hook( __FILE__, array( 'Jetpack_Protect', 'plugin_deactivation' ) );
// Main plugin class.
new Jetpack_Protect();

166
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-a8c-mc-stats/CHANGELOG.md
View File

@ -1,166 +0,0 @@
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [2.0.1] - 2024-03-12
### Changed
- Internal updates.
## [2.0.0] - 2023-11-20
### Changed
- Updated required PHP version to >= 7.0. [#34192]
## [1.4.22] - 2023-09-19
- Minor internal updates.
## [1.4.21] - 2023-08-23
### Changed
- Updated package dependencies. [#32605]
## [1.4.20] - 2023-04-10
### Added
- Add Jetpack Autoloader package suggestion. [#29988]
## [1.4.19] - 2023-02-20
### Changed
- Minor internal updates.
## [1.4.18] - 2023-01-11
### Changed
- Updated package dependencies.
## [1.4.17] - 2022-12-02
### Changed
- Updated package dependencies. [#27688]
## [1.4.16] - 2022-11-22
### Changed
- Updated package dependencies. [#27043]
## [1.4.15] - 2022-07-26
### Changed
- Updated package dependencies. [#25158]
## [1.4.14] - 2022-06-21
### Changed
- Renaming master to trunk.
## [1.4.13] - 2022-04-26
### Changed
- Updated package dependencies.
## [1.4.12] - 2022-01-25
### Changed
- Updated package dependencies.
## [1.4.11] - 2022-01-04
### Changed
- Switch to pcov for code coverage.
- Updated package dependencies
## [1.4.10] - 2021-12-14
### Changed
- Updated package dependencies.
## [1.4.9] - 2021-11-02
### Changed
- Set `convertDeprecationsToExceptions` true in PHPUnit config.
- Update PHPUnit configs to include just what needs coverage rather than include everything then try to exclude stuff that doesn't.
## [1.4.8] - 2021-10-13
### Changed
- Updated package dependencies.
## [1.4.7] - 2021-10-12
### Changed
- Updated package dependencies
## [1.4.6] - 2021-09-28
### Changed
- Updated package dependencies.
## [1.4.5] - 2021-08-30
### Changed
- Run composer update on test-php command instead of phpunit
- Tests: update PHPUnit polyfills dependency (yoast/phpunit-polyfills).
- updated annotations versions
## [1.4.4] - 2021-05-25
### Changed
- Updated package dependencies.
## [1.4.3] - 2021-04-08
### Changed
- Packaging and build changes, no change to the package itself.
## [1.4.2] - 2021-03-30
### Added
- Composer alias for dev-master, to improve dependencies
### Changed
- Update package dependencies.
### Fixed
- Use `composer update` rather than `install` in scripts, as composer.lock isn't checked in.
## [1.4.1] - 2021-02-05
- CI: Make tests more generic
## [1.4.0] - 2021-01-20
- Add mirror-repo information to all current composer packages
## [1.3.0] - 2020-12-17
- Coverage Update whitelist for backend tests
- Pin dependencies
- Packages: Update for PHP 8 testing
## [1.2.0] - 2020-09-17
## [1.1.1] - 2020-09-17
- a8c-mc-stats: Do not distribute test files
## [1.1.0] - 2020-08-13
- CI: Try collect js coverage
## 1.0.0 - 2020-07-27
- Creates the MC Stats package
[2.0.1]: https://github.com/Automattic/jetpack-a8c-mc-stats/compare/v2.0.0...v2.0.1
[2.0.0]: https://github.com/Automattic/jetpack-a8c-mc-stats/compare/v1.4.22...v2.0.0
[1.4.22]: https://github.com/Automattic/jetpack-a8c-mc-stats/compare/v1.4.21...v1.4.22
[1.4.21]: https://github.com/Automattic/jetpack-a8c-mc-stats/compare/v1.4.20...v1.4.21
[1.4.20]: https://github.com/Automattic/jetpack-a8c-mc-stats/compare/v1.4.19...v1.4.20
[1.4.19]: https://github.com/Automattic/jetpack-a8c-mc-stats/compare/v1.4.18...v1.4.19
[1.4.18]: https://github.com/Automattic/jetpack-a8c-mc-stats/compare/v1.4.17...v1.4.18
[1.4.17]: https://github.com/Automattic/jetpack-a8c-mc-stats/compare/v1.4.16...v1.4.17
[1.4.16]: https://github.com/Automattic/jetpack-a8c-mc-stats/compare/v1.4.15...v1.4.16
[1.4.15]: https://github.com/Automattic/jetpack-a8c-mc-stats/compare/v1.4.14...v1.4.15
[1.4.14]: https://github.com/Automattic/jetpack-a8c-mc-stats/compare/v1.4.13...v1.4.14
[1.4.13]: https://github.com/Automattic/jetpack-a8c-mc-stats/compare/v1.4.12...v1.4.13
[1.4.12]: https://github.com/Automattic/jetpack-a8c-mc-stats/compare/v1.4.11...v1.4.12
[1.4.11]: https://github.com/Automattic/jetpack-a8c-mc-stats/compare/v1.4.10...v1.4.11
[1.4.10]: https://github.com/Automattic/jetpack-a8c-mc-stats/compare/v1.4.9...v1.4.10
[1.4.9]: https://github.com/Automattic/jetpack-a8c-mc-stats/compare/v1.4.8...v1.4.9
[1.4.8]: https://github.com/Automattic/jetpack-a8c-mc-stats/compare/v1.4.7...v1.4.8
[1.4.7]: https://github.com/Automattic/jetpack-a8c-mc-stats/compare/v1.4.6...v1.4.7
[1.4.6]: https://github.com/Automattic/jetpack-a8c-mc-stats/compare/v1.4.5...v1.4.6
[1.4.5]: https://github.com/Automattic/jetpack-a8c-mc-stats/compare/v1.4.4...v1.4.5
[1.4.4]: https://github.com/Automattic/jetpack-a8c-mc-stats/compare/v1.4.3...v1.4.4
[1.4.3]: https://github.com/Automattic/jetpack-a8c-mc-stats/compare/v1.4.2...v1.4.3
[1.4.2]: https://github.com/Automattic/jetpack-a8c-mc-stats/compare/v1.4.1...v1.4.2
[1.4.1]: https://github.com/Automattic/jetpack-a8c-mc-stats/compare/v1.4.0...v1.4.1
[1.4.0]: https://github.com/Automattic/jetpack-a8c-mc-stats/compare/v1.3.0...v1.4.0
[1.3.0]: https://github.com/Automattic/jetpack-a8c-mc-stats/compare/v1.2.0...v1.3.0
[1.2.0]: https://github.com/Automattic/jetpack-a8c-mc-stats/compare/v1.1.1...v1.2.0
[1.1.1]: https://github.com/Automattic/jetpack-a8c-mc-stats/compare/v1.1.0...v1.1.1
[1.1.0]: https://github.com/Automattic/jetpack-a8c-mc-stats/compare/v1.0.0...v1.1.0

357
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-a8c-mc-stats/LICENSE.txt
View File

@ -1,357 +0,0 @@
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
===================================
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.

47
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-a8c-mc-stats/SECURITY.md
View File

@ -1,47 +0,0 @@
# Security Policy
Full details of the Automattic Security Policy can be found on [automattic.com](https://automattic.com/security/).
## Supported Versions
Generally, only the latest version of Jetpack and its associated plugins have continued support. If a critical vulnerability is found in the current version of a plugin, we may opt to backport any patches to previous versions.
## Reporting a Vulnerability
Our HackerOne program covers the below plugin software, as well as a variety of related projects and infrastructure:
* [Jetpack](https://jetpack.com/)
* Jetpack Backup
* Jetpack Boost
* Jetpack CRM
* Jetpack Protect
* Jetpack Search
* Jetpack Social
* Jetpack VideoPress
**For responsible disclosure of security issues and to be eligible for our bug bounty program, please submit your report via the [HackerOne](https://hackerone.com/automattic) portal.**
Our most critical targets are:
* Jetpack and the Jetpack composer packages (all within this repo)
* Jetpack.com -- the primary marketing site.
* cloud.jetpack.com -- a management site.
* wordpress.com -- the shared management site for both Jetpack and WordPress.com sites.
For more targets, see the `In Scope` section on [HackerOne](https://hackerone.com/automattic).
_Please note that the **WordPress software is a separate entity** from Automattic. Please report vulnerabilities for WordPress through [the WordPress Foundation's HackerOne page](https://hackerone.com/wordpress)._
## Guidelines
We're committed to working with security researchers to resolve the vulnerabilities they discover. You can help us by following these guidelines:
* Follow [HackerOne's disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).
* Pen-testing Production:
* Please **setup a local environment** instead whenever possible. Most of our code is open source (see above).
* If that's not possible, **limit any data access/modification** to the bare minimum necessary to reproduce a PoC.
* **_Don't_ automate form submissions!** That's very annoying for us, because it adds extra work for the volunteers who manage those systems, and reduces the signal/noise ratio in our communication channels.
* To be eligible for a bounty, all of these guidelines must be followed.
* Be Patient - Give us a reasonable time to correct the issue before you disclose the vulnerability.
We also expect you to comply with all applicable laws. You're responsible to pay any taxes associated with your bounties.

41
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-a8c-mc-stats/composer.json
View File

@ -1,41 +0,0 @@
{
"name": "automattic/jetpack-a8c-mc-stats",
"description": "Used to record internal usage stats for Automattic. Not visible to site owners.",
"type": "jetpack-library",
"license": "GPL-2.0-or-later",
"require": {
"php": ">=7.0"
},
"require-dev": {
"yoast/phpunit-polyfills": "1.1.0",
"automattic/jetpack-changelogger": "^4.1.1"
},
"suggest": {
"automattic/jetpack-autoloader": "Allow for better interoperability with other plugins that use this package."
},
"autoload": {
"classmap": [
"src/"
]
},
"scripts": {
"phpunit": [
"./vendor/phpunit/phpunit/phpunit --colors=always"
],
"test-php": [
"@composer phpunit"
]
},
"minimum-stability": "dev",
"prefer-stable": true,
"extra": {
"autotagger": true,
"mirror-repo": "Automattic/jetpack-a8c-mc-stats",
"changelogger": {
"link-template": "https://github.com/Automattic/jetpack-a8c-mc-stats/compare/v${old}...v${new}"
},
"branch-alias": {
"dev-trunk": "2.0.x-dev"
}
}
}

181
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-a8c-mc-stats/src/class-a8c-mc-stats.php
View File

@ -1,181 +0,0 @@
<?php
/**
* Jetpack MC Stats package.
*
* @package automattic/jetpack-mc-stats
*/
namespace Automattic\Jetpack;
/**
* Class MC Stats, used to record stats using https://pixel.wp.com/g.gif
*/
class A8c_Mc_Stats {
/**
* Holds the stats to be processed
*
* @var array
*/
private $stats = array();
/**
* Indicates whether to use the transparent pixel (b.gif) instead of the regular smiley (g.gif)
*
* @var boolean
*/
public $use_transparent_pixel = true;
/**
* Class Constructor
*
* @param boolean $use_transparent_pixel Use the transparent pixel instead of the smiley.
*/
public function __construct( $use_transparent_pixel = true ) {
$this->use_transparent_pixel = $use_transparent_pixel;
}
/**
* Store a stat for later output.
*
* @param string $group The stat group.
* @param string $name The stat name to bump.
*
* @return boolean true if stat successfully added
*/
public function add( $group, $name ) {
if ( ! \is_string( $group ) || ! \is_string( $name ) ) {
return false;
}
if ( ! isset( $this->stats[ $group ] ) ) {
$this->stats[ $group ] = array();
}
if ( \in_array( $name, $this->stats[ $group ], true ) ) {
return false;
}
$this->stats[ $group ][] = $name;
return true;
}
/**
* Gets current stats stored to be processed
*
* @return array $stats
*/
public function get_current_stats() {
return $this->stats;
}
/**
* Return the stats from a group in an array ready to be added as parameters in a query string
*
* @param string $group_name The name of the group to retrieve.
* @return array Array with one item, where the key is the prefixed group and the value are all stats concatenated with a comma. If group not found, an empty array will be returned
*/
public function get_group_query_args( $group_name ) {
$stats = $this->get_current_stats();
if ( isset( $stats[ $group_name ] ) && ! empty( $stats[ $group_name ] ) ) {
return array( "x_jetpack-{$group_name}" => implode( ',', $stats[ $group_name ] ) );
}
return array();
}
/**
* Gets a list of trac URLs for every stored URL
*
* @return array An array of URLs
*/
public function get_stats_urls() {
$urls = array();
foreach ( $this->get_current_stats() as $group => $stat ) {
$group_query_string = $this->get_group_query_args( $group );
$urls[] = $this->build_stats_url( $group_query_string );
}
return $urls;
}
/**
* Outputs the tracking pixels for the current stats and empty the stored stats from the object
*
* @return void
*/
public function do_stats() {
$urls = $this->get_stats_urls();
foreach ( $urls as $url ) {
echo '<img src="' . esc_url( $url ) . '" width="1" height="1" style="display:none;" />';
}
$this->stats = array();
}
/**
* Pings the stats server for the current stats and empty the stored stats from the object
*
* @return void
*/
public function do_server_side_stats() {
$urls = $this->get_stats_urls();
foreach ( $urls as $url ) {
$this->do_server_side_stat( $url );
}
$this->stats = array();
}
/**
* Runs stats code for a one-off, server-side.
*
* @param string $url string The URL to be pinged. Should include `x_jetpack-{$group}={$stats}` or whatever we want to store.
*
* @return bool If it worked.
*/
public function do_server_side_stat( $url ) {
$response = wp_remote_get( esc_url_raw( $url ) );
if ( is_wp_error( $response ) ) {
return false;
}
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
return false;
}
return true;
}
/**
* Builds the stats url.
*
* @param array $args array|string The arguments to append to the URL.
*
* @return string The URL to be pinged.
*/
public function build_stats_url( $args ) {
$defaults = array(
'v' => 'wpcom2',
'rand' => md5( wp_rand( 0, 999 ) . time() ),
);
$args = wp_parse_args( $args, $defaults );
$gifname = true === $this->use_transparent_pixel ? 'b.gif' : 'g.gif';
/**
* Filter the URL used as the Stats tracking pixel.
*
* @since-jetpack 2.3.2
* @since 1.0.0
*
* @param string $url Base URL used as the Stats tracking pixel.
*/
$base_url = apply_filters(
'jetpack_stats_base_url',
'https://pixel.wp.com/' . $gifname
);
$url = add_query_arg( $args, $base_url );
return $url;
}
}

178
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-admin-ui/CHANGELOG.md
View File

@ -1,178 +0,0 @@
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [0.4.1] - 2024-03-12
### Changed
- Internal updates.
## [0.4.0] - 2024-03-01
### Added
- Register menus in network admin as well as regular admin. [#36058]
## [0.3.2] - 2024-01-29
### Fixed
- Wait until 'admin_menu' action to call `add_menu()`, to avoid triggering the l10n load too early. [#35279]
## [0.3.1] - 2023-11-24
## [0.3.0] - 2023-11-20
### Changed
- Updated required PHP version to >= 7.0. [#34192]
## [0.2.25] - 2023-11-14
## [0.2.24] - 2023-10-30
### Fixed
- Handle Akismet submenu even if Jetpack is present, as Jetpack now relies on this package to do so. [#33559]
## [0.2.23] - 2023-09-19
### Changed
- Updated Jetpack submenu sort order so individual features are alpha-sorted. [#32958]
## [0.2.22] - 2023-09-11
### Fixed
- Akismet: update naming to common form [#32908]
## [0.2.21] - 2023-08-23
### Changed
- Updated package dependencies. [#32605]
## [0.2.20] - 2023-04-25
### Fixed
- Avoid errors when used in combination with an older version of the Logo package. [#30136]
## [0.2.19] - 2023-04-10
### Added
- Add Jetpack Autoloader package suggestion. [#29988]
## [0.2.18] - 2023-04-04
### Changed
- Menu icon: update to latest version of the Jetpack logo [#29418]
## [0.2.17] - 2023-02-20
### Changed
- Minor internal updates.
## [0.2.16] - 2023-01-25
### Changed
- Minor internal updates.
## [0.2.15] - 2023-01-11
### Changed
- Updated package dependencies.
## [0.2.14] - 2022-12-02
### Changed
- Updated package dependencies. [#27688]
## [0.2.13] - 2022-11-22
### Changed
- Updated package dependencies. [#27043]
## [0.2.12] - 2022-09-20
### Changed
- Updated package dependencies.
## [0.2.11] - 2022-07-26
### Changed
- Updated package dependencies. [#25158]
## [0.2.10] - 2022-07-12
### Changed
- Updated package dependencies.
## [0.2.9] - 2022-06-21
### Changed
- Renaming master to trunk.
## [0.2.8] - 2022-06-14
### Changed
- Updated package dependencies.
## [0.2.7] - 2022-04-26
### Changed
- Update package.json metadata.
## [0.2.6] - 2022-04-05
### Changed
- Updated package dependencies.
## [0.2.5] - 2022-03-08
### Fixed
- Do not handle Akismet submenu if Jetpack plugin is present
## [0.2.4] - 2022-02-09
### Added
- Support for akismet menu with stand-alone plugins
### Fixed
- Fixes menu order working around a bug in add_submenu_page
## [0.2.3] - 2022-01-25
### Changed
- Updated package dependencies.
## [0.2.2] - 2022-01-18
### Changed
- General: update required node version to v16.13.2
## [0.2.1] - 2022-01-04
### Changed
- Switch to pcov for code coverage.
- Updated package dependencies
## [0.2.0] - 2021-12-14
### Added
- New method to get the top level menu item
## [0.1.1] - 2021-11-17
### Changed
- Set `convertDeprecationsToExceptions` true in PHPUnit config.
- Update PHPUnit configs to include just what needs coverage rather than include everything then try to exclude stuff that doesn't.
## 0.1.0 - 2021-10-13
### Added
- Created the package.
### Changed
- Updated package dependencies.
### Fixed
- Fixing menu visibility issues.
[0.4.1]: https://github.com/Automattic/jetpack-admin-ui/compare/0.4.0...0.4.1
[0.4.0]: https://github.com/Automattic/jetpack-admin-ui/compare/0.3.2...0.4.0
[0.3.2]: https://github.com/Automattic/jetpack-admin-ui/compare/0.3.1...0.3.2
[0.3.1]: https://github.com/Automattic/jetpack-admin-ui/compare/0.3.0...0.3.1
[0.3.0]: https://github.com/Automattic/jetpack-admin-ui/compare/0.2.25...0.3.0
[0.2.25]: https://github.com/Automattic/jetpack-admin-ui/compare/0.2.24...0.2.25
[0.2.24]: https://github.com/Automattic/jetpack-admin-ui/compare/0.2.23...0.2.24
[0.2.23]: https://github.com/Automattic/jetpack-admin-ui/compare/0.2.22...0.2.23
[0.2.22]: https://github.com/Automattic/jetpack-admin-ui/compare/0.2.21...0.2.22
[0.2.21]: https://github.com/Automattic/jetpack-admin-ui/compare/0.2.20...0.2.21
[0.2.20]: https://github.com/Automattic/jetpack-admin-ui/compare/0.2.19...0.2.20
[0.2.19]: https://github.com/Automattic/jetpack-admin-ui/compare/0.2.18...0.2.19
[0.2.18]: https://github.com/Automattic/jetpack-admin-ui/compare/0.2.17...0.2.18
[0.2.17]: https://github.com/Automattic/jetpack-admin-ui/compare/0.2.16...0.2.17
[0.2.16]: https://github.com/Automattic/jetpack-admin-ui/compare/0.2.15...0.2.16
[0.2.15]: https://github.com/Automattic/jetpack-admin-ui/compare/0.2.14...0.2.15
[0.2.14]: https://github.com/Automattic/jetpack-admin-ui/compare/0.2.13...0.2.14
[0.2.13]: https://github.com/Automattic/jetpack-admin-ui/compare/0.2.12...0.2.13
[0.2.12]: https://github.com/Automattic/jetpack-admin-ui/compare/0.2.11...0.2.12
[0.2.11]: https://github.com/Automattic/jetpack-admin-ui/compare/0.2.10...0.2.11
[0.2.10]: https://github.com/Automattic/jetpack-admin-ui/compare/0.2.9...0.2.10
[0.2.9]: https://github.com/Automattic/jetpack-admin-ui/compare/0.2.8...0.2.9
[0.2.8]: https://github.com/Automattic/jetpack-admin-ui/compare/0.2.7...0.2.8
[0.2.7]: https://github.com/Automattic/jetpack-admin-ui/compare/0.2.6...0.2.7
[0.2.6]: https://github.com/Automattic/jetpack-admin-ui/compare/0.2.5...0.2.6
[0.2.5]: https://github.com/Automattic/jetpack-admin-ui/compare/0.2.4...0.2.5
[0.2.4]: https://github.com/Automattic/jetpack-admin-ui/compare/0.2.3...0.2.4
[0.2.3]: https://github.com/Automattic/jetpack-admin-ui/compare/0.2.2...0.2.3
[0.2.2]: https://github.com/Automattic/jetpack-admin-ui/compare/0.2.1...0.2.2
[0.2.1]: https://github.com/Automattic/jetpack-admin-ui/compare/0.2.0...0.2.1
[0.2.0]: https://github.com/Automattic/jetpack-admin-ui/compare/0.1.1...0.2.0
[0.1.1]: https://github.com/Automattic/jetpack-admin-ui/compare/0.1.0...0.1.1

357
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-admin-ui/LICENSE.txt
View File

@ -1,357 +0,0 @@
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
===================================
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.

47
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-admin-ui/SECURITY.md
View File

@ -1,47 +0,0 @@
# Security Policy
Full details of the Automattic Security Policy can be found on [automattic.com](https://automattic.com/security/).
## Supported Versions
Generally, only the latest version of Jetpack and its associated plugins have continued support. If a critical vulnerability is found in the current version of a plugin, we may opt to backport any patches to previous versions.
## Reporting a Vulnerability
Our HackerOne program covers the below plugin software, as well as a variety of related projects and infrastructure:
* [Jetpack](https://jetpack.com/)
* Jetpack Backup
* Jetpack Boost
* Jetpack CRM
* Jetpack Protect
* Jetpack Search
* Jetpack Social
* Jetpack VideoPress
**For responsible disclosure of security issues and to be eligible for our bug bounty program, please submit your report via the [HackerOne](https://hackerone.com/automattic) portal.**
Our most critical targets are:
* Jetpack and the Jetpack composer packages (all within this repo)
* Jetpack.com -- the primary marketing site.
* cloud.jetpack.com -- a management site.
* wordpress.com -- the shared management site for both Jetpack and WordPress.com sites.
For more targets, see the `In Scope` section on [HackerOne](https://hackerone.com/automattic).
_Please note that the **WordPress software is a separate entity** from Automattic. Please report vulnerabilities for WordPress through [the WordPress Foundation's HackerOne page](https://hackerone.com/wordpress)._
## Guidelines
We're committed to working with security researchers to resolve the vulnerabilities they discover. You can help us by following these guidelines:
* Follow [HackerOne's disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).
* Pen-testing Production:
* Please **setup a local environment** instead whenever possible. Most of our code is open source (see above).
* If that's not possible, **limit any data access/modification** to the bare minimum necessary to reproduce a PoC.
* **_Don't_ automate form submissions!** That's very annoying for us, because it adds extra work for the volunteers who manage those systems, and reduces the signal/noise ratio in our communication channels.
* To be eligible for a bounty, all of these guidelines must be followed.
* Be Patient - Give us a reasonable time to correct the issue before you disclose the vulnerability.
We also expect you to comply with all applicable laws. You're responsible to pay any taxes associated with your bounties.

54
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-admin-ui/composer.json
View File

@ -1,54 +0,0 @@
{
"name": "automattic/jetpack-admin-ui",
"description": "Generic Jetpack wp-admin UI elements",
"type": "jetpack-library",
"license": "GPL-2.0-or-later",
"require": {
"php": ">=7.0"
},
"require-dev": {
"yoast/phpunit-polyfills": "1.1.0",
"automattic/jetpack-changelogger": "^4.1.1",
"automattic/jetpack-logo": "^2.0.1",
"automattic/wordbless": "dev-master"
},
"suggest": {
"automattic/jetpack-autoloader": "Allow for better interoperability with other plugins that use this package."
},
"autoload": {
"classmap": [
"src/"
]
},
"scripts": {
"phpunit": [
"./vendor/phpunit/phpunit/phpunit --colors=always"
],
"test-php": [
"@composer phpunit"
],
"post-install-cmd": "WorDBless\\Composer\\InstallDropin::copy",
"post-update-cmd": "WorDBless\\Composer\\InstallDropin::copy"
},
"minimum-stability": "dev",
"prefer-stable": true,
"extra": {
"autotagger": true,
"mirror-repo": "Automattic/jetpack-admin-ui",
"textdomain": "jetpack-admin-ui",
"changelogger": {
"link-template": "https://github.com/Automattic/jetpack-admin-ui/compare/${old}...${new}"
},
"branch-alias": {
"dev-trunk": "0.4.x-dev"
},
"version-constants": {
"::PACKAGE_VERSION": "src/class-admin-menu.php"
}
},
"config": {
"allow-plugins": {
"roots/wordpress-core-installer": true
}
}
}

208
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-admin-ui/src/class-admin-menu.php
View File

@ -1,208 +0,0 @@
<?php
/**
* Admin Menu Registration
*
* @package automattic/jetpack-admin-ui
*/
namespace Automattic\Jetpack\Admin_UI;
/**
* This class offers a wrapper to add_submenu_page and makes sure stand-alone plugin's menu items are always added under the Jetpack top level menu.
* If the Jetpack top level was not previously registered by other plugin, it will be registered here.
*/
class Admin_Menu {
const PACKAGE_VERSION = '0.4.1';
/**
* Whether this class has been initialized
*
* @var boolean
*/
private static $initialized = false;
/**
* List of menu items enqueued to be added
*
* @var array
*/
private static $menu_items = array();
/**
* Initialize the class and set up the main hook
*
* @return void
*/
public static function init() {
if ( ! self::$initialized ) {
self::$initialized = true;
self::handle_akismet_menu();
add_action( 'admin_menu', array( __CLASS__, 'admin_menu_hook_callback' ), 1000 ); // Jetpack uses 998.
add_action( 'network_admin_menu', array( __CLASS__, 'admin_menu_hook_callback' ), 1000 ); // Jetpack uses 998.
}
}
/**
* Handles the Akismet menu item when used alongside other stand-alone plugins
*
* When Jetpack plugin is present, Akismet menu item is moved under the Jetpack top level menu, but if Akismet is active alongside other stand-alone plugins,
* we use this method to move the menu item.
*/
private static function handle_akismet_menu() {
if ( class_exists( 'Akismet_Admin' ) ) {
add_action(
'admin_menu',
function () {
// Prevent Akismet from adding a menu item.
remove_action( 'admin_menu', array( 'Akismet_Admin', 'admin_menu' ), 5 );
// Add an Anti-spam menu item for Jetpack.
self::add_menu( __( 'Akismet Anti-spam', 'jetpack-admin-ui' ), __( 'Akismet Anti-spam', 'jetpack-admin-ui' ), 'manage_options', 'akismet-key-config', array( 'Akismet_Admin', 'display_page' ) );
},
4
);
}
}
/**
* Callback to the admin_menu and network_admin_menu hooks that will register the enqueued menu items
*
* @return void
*/
public static function admin_menu_hook_callback() {
$can_see_toplevel_menu = true;
$jetpack_plugin_present = class_exists( 'Jetpack_React_Page' );
$icon = method_exists( '\Automattic\Jetpack\Assets\Logo', 'get_base64_logo' )
? ( new \Automattic\Jetpack\Assets\Logo() )->get_base64_logo()
: 'dashicons-admin-plugins';
if ( ! $jetpack_plugin_present ) {
add_menu_page(
'Jetpack',
'Jetpack',
'read',
'jetpack',
'__return_null',
$icon,
3
);
// If Jetpack plugin is not present, user will only be able to see this menu if they have enough capability to at least one of the sub menus being added.
$can_see_toplevel_menu = false;
}
/**
* The add_sub_menu function has a bug and will not keep the right order of menu items.
*
* @see https://core.trac.wordpress.org/ticket/52035
* Let's order the items before registering them.
* Since this all happens after the Jetpack plugin menu items were added, all items will be added after Jetpack plugin items - unless position is very low number (smaller than the number of menu items present in Jetpack plugin).
*/
usort(
self::$menu_items,
function ( $a, $b ) {
$position_a = empty( $a['position'] ) ? 0 : $a['position'];
$position_b = empty( $b['position'] ) ? 0 : $b['position'];
$result = $position_a <=> $position_b;
if ( 0 === $result ) {
$result = strcmp( $a['menu_title'], $b['menu_title'] );
}
return $result;
}
);
foreach ( self::$menu_items as $menu_item ) {
if ( ! current_user_can( $menu_item['capability'] ) ) {
continue;
}
$can_see_toplevel_menu = true;
add_submenu_page(
'jetpack',
$menu_item['page_title'],
$menu_item['menu_title'],
$menu_item['capability'],
$menu_item['menu_slug'],
$menu_item['function'],
$menu_item['position']
);
}
if ( ! $jetpack_plugin_present ) {
remove_submenu_page( 'jetpack', 'jetpack' );
}
if ( ! $can_see_toplevel_menu ) {
remove_menu_page( 'jetpack' );
}
}
/**
* Adds a new submenu to the Jetpack Top level menu
*
* The parameters this method accepts are the same as @see add_submenu_page. This class will
* aggreagate all menu items registered by stand-alone plugins and make sure they all go under the same
* Jetpack top level menu. It will also handle the top level menu registration in case the Jetpack plugin is not present.
*
* @param string $page_title The text to be displayed in the title tags of the page when the menu
* is selected.
* @param string $menu_title The text to be used for the menu.
* @param string $capability The capability required for this menu to be displayed to the user.
* @param string $menu_slug The slug name to refer to this menu by. Should be unique for this menu
* and only include lowercase alphanumeric, dashes, and underscores characters
* to be compatible with sanitize_key().
* @param callable $function The function to be called to output the content for this page.
* @param int $position The position in the menu order this item should appear. Leave empty typically.
*
* @return string The resulting page's hook_suffix
*/
public static function add_menu( $page_title, $menu_title, $capability, $menu_slug, $function, $position = null ) {
self::init();
self::$menu_items[] = compact( 'page_title', 'menu_title', 'capability', 'menu_slug', 'function', 'position' );
/**
* Let's return the page hook so consumers can use.
* We know all pages will be under Jetpack top level menu page, so we can hardcode the first part of the string.
* Using get_plugin_page_hookname here won't work because the top level page is not registered yet.
*/
return 'jetpack_page_' . $menu_slug;
}
/**
* Gets the slug for the first item under the Jetpack top level menu
*
* @return string|null
*/
public static function get_top_level_menu_item_slug() {
global $submenu;
if ( ! empty( $submenu['jetpack'] ) ) {
$item = reset( $submenu['jetpack'] );
if ( isset( $item[2] ) ) {
return $item[2];
}
}
}
/**
* Gets the URL for the first item under the Jetpack top level menu
*
* @param string $fallback If Jetpack menu is not there or no children is found, return this fallback instead. Default to admin_url().
* @return string
*/
public static function get_top_level_menu_item_url( $fallback = false ) {
$slug = self::get_top_level_menu_item_slug();
if ( $slug ) {
$url = menu_page_url( $slug, false );
return $url;
}
$url = $fallback ? $fallback : admin_url();
return $url;
}
}

515
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-assets/CHANGELOG.md
View File

@ -1,515 +0,0 @@
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [2.1.4] - 2024-03-12
### Changed
- Internal updates.
## [2.1.3] - 2024-03-12
### Changed
- Updated package dependencies. [#36325]
## [2.1.2] - 2024-03-04
### Changed
- Updated package dependencies. [#36095]
## [2.1.1] - 2024-02-13
### Changed
- Updated package dependencies. [#35608]
## [2.1.0] - 2024-02-05
### Added
- Add support for script enqueuing strategies implemented in WordPress 6.3 [#34072]
### Changed
- Updated package dependencies. [#35384]
## [2.0.4] - 2024-01-04
### Changed
- Updated package dependencies. [#34815]
## [2.0.3] - 2023-12-11
### Changed
- Updated package dependencies. [#34492]
## [2.0.2] - 2023-12-03
### Changed
- Updated package dependencies. [#34411] [#34427]
## [2.0.1] - 2023-11-21
## [2.0.0] - 2023-11-20
### Changed
- Updated required PHP version to >= 7.0. [#34192]
## [1.18.15] - 2023-11-14
### Changed
- Updated package dependencies. [#34093]
## [1.18.14] - 2023-11-03
## [1.18.13] - 2023-10-19
### Changed
- Updated package dependencies. [#33687]
## [1.18.12] - 2023-10-10
### Changed
- Updated package dependencies. [#33428]
### Fixed
- Pass `false`, not `null`, to `WP_Scripts->add()`. [#33513]
## [1.18.11] - 2023-09-19
- Minor internal updates.
## [1.18.10] - 2023-09-04
### Changed
- Updated package dependencies. [#32803]
## [1.18.9] - 2023-08-23
### Changed
- Updated package dependencies. [#32605]
## [1.18.8] - 2023-08-09
### Changed
- Updated package dependencies. [#32166]
## [1.18.7] - 2023-07-11
### Changed
- Updated package dependencies. [#31785]
## [1.18.6] - 2023-07-05
### Changed
- Updated package dependencies. [#31659]
## [1.18.5] - 2023-06-21
### Changed
- Updated package dependencies. [#31468]
## [1.18.4] - 2023-06-06
### Changed
- Updated package dependencies. [#31129]
## [1.18.3] - 2023-05-15
### Changed
- Internal updates.
## [1.18.2] - 2023-05-02
### Changed
- Updated package dependencies. [#30375]
## [1.18.1] - 2023-04-10
### Added
- Add Jetpack Autoloader package suggestion. [#29988]
## [1.18.0] - 2023-04-04
### Changed
- Async script enqueuing: switch to static method. [#29780]
- Updated package dependencies. [#29854]
## [1.17.34] - 2023-03-20
### Changed
- Updated package dependencies. [#29471]
## [1.17.33] - 2023-03-08
### Changed
- Updated package dependencies. [#29216]
## [1.17.32] - 2023-02-20
### Changed
- Minor internal updates.
## [1.17.31] - 2023-02-15
### Changed
- Update to React 18. [#28710]
## [1.17.30] - 2023-01-25
### Changed
- Minor internal updates.
## [1.17.29] - 2023-01-11
### Changed
- Updated package dependencies.
## [1.17.28] - 2022-12-02
### Changed
- Updated package dependencies.
## [1.17.27] - 2022-11-28
### Changed
- Updated package dependencies. [#27576]
## [1.17.26] - 2022-11-22
### Changed
- Updated package dependencies. [#27043]
## [1.17.25] - 2022-11-08
### Changed
- Updated package dependencies. [#27289]
## [1.17.24] - 2022-11-01
### Changed
- Updated package dependencies.
## [1.17.23] - 2022-10-13
### Changed
- Updated package dependencies. [#26791]
## [1.17.22] - 2022-10-05
### Changed
- Updated package dependencies. [#26568]
## [1.17.21] - 2022-08-25
### Changed
- Updated package dependencies. [#25814]
## [1.17.20] - 2022-07-26
### Changed
- Updated package dependencies. [#25158]
## [1.17.19] - 2022-07-12
### Changed
- Updated package dependencies.
## [1.17.18] - 2022-07-06
### Changed
- Updated package dependencies
## [1.17.17] - 2022-06-21
### Changed
- Renaming master to trunk.
## [1.17.16] - 2022-06-14
## [1.17.15] - 2022-06-08
### Changed
- Reorder JS imports for `import/order` eslint rule. [#24601]
## [1.17.14] - 2022-05-18
### Changed
- Updated package dependencies [#24372]
## [1.17.13] - 2022-05-10
### Changed
- Updated package dependencies. [#24302]
## [1.17.12] - 2022-05-04
### Added
- Add missing JavaScript dependencies, and fix a test. [#24096]
## [1.17.11] - 2022-04-26
### Changed
- Updated package dependencies.
## [1.17.10] - 2022-04-19
### Fixed
- Assets: Defer the enqueued script instead of its translations
## [1.17.9] - 2022-04-05
### Changed
- Updated package dependencies.
## [1.17.8] - 2022-03-29
### Changed
- Updated package dependencies.
## [1.17.7] - 2022-03-23
### Changed
- Updated package dependencies.
## [1.17.6] - 2022-03-02
### Changed
- Updated package dependencies.
## [1.17.5] - 2022-02-16
### Changed
- Updated package dependencies.
## [1.17.4] - 2022-02-09
### Changed
- Updated package dependencies.
## [1.17.3] - 2022-02-02
### Fixed
- Fixed minor coding standard violation.
## [1.17.2] - 2022-02-01
### Changed
- Build: remove unneeded files from production build.
## [1.17.1] - 2022-01-27
### Changed
- Updated package dependencies.
## [1.17.0] - 2022-01-25
### Added
- Accept package path prefixes from jetpack-composer-plugin and use them when lazy-loading JS translations.
- Generate the `wp-jp-i18n-loader` module needed by the new i18n-loader-webpack-plugin.
### Deprecated
- Deprecated the `wp-jp-i18n-state` module.
## [1.16.2] - 2022-01-18
### Fixed
- Handle the case where `WP_LANG_DIR` is in `WP_CONTENT_DIR`, but `WP_CONTENT_DIR` is not in `ABSPATH`.
## [1.16.1] - 2022-01-05
### Fixed
- Don't issue a "doing it wrong" warning for registering aliases during plugin activation.
## [1.16.0] - 2022-01-04
### Added
- Document use of jetpack-assets, jetpack-composer-plugin, and i18n-loader-webpack-plugin together.
### Changed
- Switch to pcov for code coverage.
- Updated package dependencies
- Updated package textdomain from `jetpack` to `jetpack-assets`.
## [1.15.0] - 2021-12-20
### Added
- Add `alias_textdomain()`.
## [1.14.0] - 2021-12-14
### Added
- Generate `wp-jp-i18n-state` script.
## [1.13.1] - 2021-11-22
### Fixed
- Call `_doing_it_wrong` correctly.
## [1.13.0] - 2021-11-22
### Added
- Have `Assets::register_script()` accept a textdomain for `wp_set_script_translations` (and complain if no textdomain is passed when `wp-i18n` is depended on).
### Changed
- Updated package dependencies
### Fixed
- Added missing option doc for `Assets::register_script()`.
## [1.12.0] - 2021-11-15
### Added
- Add `Assets::register_script()` for easier loading of Webpack-built scripts.
## [1.11.10] - 2021-11-02
### Changed
- Set `convertDeprecationsToExceptions` true in PHPUnit config.
- Update PHPUnit configs to include just what needs coverage rather than include everything then try to exclude stuff that doesn't.
## [1.11.9] - 2021-10-13
### Changed
- Updated package dependencies.
## [1.11.8] - 2021-10-06
### Changed
- Updated package dependencies
## [1.11.7] - 2021-09-28
### Changed
- Updated package dependencies.
## [1.11.6] - 2021-08-30
### Changed
- Run composer update on test-php command instead of phpunit
- Tests: update PHPUnit polyfills dependency (yoast/phpunit-polyfills).
- update annotations versions
## [1.11.5] - 2021-05-25
### Changed
- Updated package dependencies.
## [1.11.4] - 2021-04-08
### Changed
- Packaging and build changes, no change to the package itself.
## [1.11.3] - 2021-03-30
### Added
- Composer alias for dev-master, to improve dependencies
### Changed
- Update package dependencies.
### Fixed
- Use `composer update` rather than `install` in scripts, as composer.lock isn't checked in.
## [1.11.2] - 2021-02-23
- CI: Make tests more generic
## [1.11.1] - 2021-01-26
- Add mirror-repo information to all current composer packages
- Monorepo: Reorganize all projects
## [1.11.0] - 2021-01-05
- Update dependency brain/monkey to v2.6.0
## [1.10.0] - 2020-12-08
- Assets: introduce new method to process static resources
- Assets: Use defer for script tags
- Pin dependencies
- Packages: Update for PHP 8 testing
## [1.9.1] - 2020-11-24
- Update dependency brain/monkey to v2.5.0
- Updated PHPCS: Packages and Debugger
## [1.9.0] - 2020-10-27
- Instagram oEmbed: Simplify
## [1.8.0] - 2020-09-29
- Consolidate the Lazy Images package to rely on the Assets package
## [1.7.0] - 2020-08-25
- Packages: Update filenames after #16810
- CI: Try collect js coverage
- Docker: Add package testing shortcut
## [1.6.0] - 2020-07-28
- Various: Use wp_resource_hints
## [1.5.0] - 2020-06-30
- PHPCS: Clean up the packages
- WooCommerce Analytics: avoid 404 error when enqueuing script
## [1.4.0] - 2020-05-26
- Add Jetpack Scan threat notifications
## [1.3.0] - 2020-04-28
- Update dependencies to latest stable
## [1.2.0] - 2020-03-31
- Update dependencies to latest stable
## [1.1.1] - 2020-01-27
- Pin dependency brain/monkey to 2.4.0
## [1.1.0] - 2020-01-14
- Packages: Various improvements for wp.com or self-contained consumers
## [1.0.3] - 2019-11-08
- Packages: Use classmap instead of PSR-4
## [1.0.1] - 2019-10-28
- PHPCS: JITM and Assets packages
- Packages: Add gitattributes files to all packages that need th…
## 1.0.0 - 2019-09-14
- Statically access asset tools
[2.1.4]: https://github.com/Automattic/jetpack-assets/compare/v2.1.3...v2.1.4
[2.1.3]: https://github.com/Automattic/jetpack-assets/compare/v2.1.2...v2.1.3
[2.1.2]: https://github.com/Automattic/jetpack-assets/compare/v2.1.1...v2.1.2
[2.1.1]: https://github.com/Automattic/jetpack-assets/compare/v2.1.0...v2.1.1
[2.1.0]: https://github.com/Automattic/jetpack-assets/compare/v2.0.4...v2.1.0
[2.0.4]: https://github.com/Automattic/jetpack-assets/compare/v2.0.3...v2.0.4
[2.0.3]: https://github.com/Automattic/jetpack-assets/compare/v2.0.2...v2.0.3
[2.0.2]: https://github.com/Automattic/jetpack-assets/compare/v2.0.1...v2.0.2
[2.0.1]: https://github.com/Automattic/jetpack-assets/compare/v2.0.0...v2.0.1
[2.0.0]: https://github.com/Automattic/jetpack-assets/compare/v1.18.15...v2.0.0
[1.18.15]: https://github.com/Automattic/jetpack-assets/compare/v1.18.14...v1.18.15
[1.18.14]: https://github.com/Automattic/jetpack-assets/compare/v1.18.13...v1.18.14
[1.18.13]: https://github.com/Automattic/jetpack-assets/compare/v1.18.12...v1.18.13
[1.18.12]: https://github.com/Automattic/jetpack-assets/compare/v1.18.11...v1.18.12
[1.18.11]: https://github.com/Automattic/jetpack-assets/compare/v1.18.10...v1.18.11
[1.18.10]: https://github.com/Automattic/jetpack-assets/compare/v1.18.9...v1.18.10
[1.18.9]: https://github.com/Automattic/jetpack-assets/compare/v1.18.8...v1.18.9
[1.18.8]: https://github.com/Automattic/jetpack-assets/compare/v1.18.7...v1.18.8
[1.18.7]: https://github.com/Automattic/jetpack-assets/compare/v1.18.6...v1.18.7
[1.18.6]: https://github.com/Automattic/jetpack-assets/compare/v1.18.5...v1.18.6
[1.18.5]: https://github.com/Automattic/jetpack-assets/compare/v1.18.4...v1.18.5
[1.18.4]: https://github.com/Automattic/jetpack-assets/compare/v1.18.3...v1.18.4
[1.18.3]: https://github.com/Automattic/jetpack-assets/compare/v1.18.2...v1.18.3
[1.18.2]: https://github.com/Automattic/jetpack-assets/compare/v1.18.1...v1.18.2
[1.18.1]: https://github.com/Automattic/jetpack-assets/compare/v1.18.0...v1.18.1
[1.18.0]: https://github.com/Automattic/jetpack-assets/compare/v1.17.34...v1.18.0
[1.17.34]: https://github.com/Automattic/jetpack-assets/compare/v1.17.33...v1.17.34
[1.17.33]: https://github.com/Automattic/jetpack-assets/compare/v1.17.32...v1.17.33
[1.17.32]: https://github.com/Automattic/jetpack-assets/compare/v1.17.31...v1.17.32
[1.17.31]: https://github.com/Automattic/jetpack-assets/compare/v1.17.30...v1.17.31
[1.17.30]: https://github.com/Automattic/jetpack-assets/compare/v1.17.29...v1.17.30
[1.17.29]: https://github.com/Automattic/jetpack-assets/compare/v1.17.28...v1.17.29
[1.17.28]: https://github.com/Automattic/jetpack-assets/compare/v1.17.27...v1.17.28
[1.17.27]: https://github.com/Automattic/jetpack-assets/compare/v1.17.26...v1.17.27
[1.17.26]: https://github.com/Automattic/jetpack-assets/compare/v1.17.25...v1.17.26
[1.17.25]: https://github.com/Automattic/jetpack-assets/compare/v1.17.24...v1.17.25
[1.17.24]: https://github.com/Automattic/jetpack-assets/compare/v1.17.23...v1.17.24
[1.17.23]: https://github.com/Automattic/jetpack-assets/compare/v1.17.22...v1.17.23
[1.17.22]: https://github.com/Automattic/jetpack-assets/compare/v1.17.21...v1.17.22
[1.17.21]: https://github.com/Automattic/jetpack-assets/compare/v1.17.20...v1.17.21
[1.17.20]: https://github.com/Automattic/jetpack-assets/compare/v1.17.19...v1.17.20
[1.17.19]: https://github.com/Automattic/jetpack-assets/compare/v1.17.18...v1.17.19
[1.17.18]: https://github.com/Automattic/jetpack-assets/compare/v1.17.17...v1.17.18
[1.17.17]: https://github.com/Automattic/jetpack-assets/compare/v1.17.16...v1.17.17
[1.17.16]: https://github.com/Automattic/jetpack-assets/compare/v1.17.15...v1.17.16
[1.17.15]: https://github.com/Automattic/jetpack-assets/compare/v1.17.14...v1.17.15
[1.17.14]: https://github.com/Automattic/jetpack-assets/compare/v1.17.13...v1.17.14
[1.17.13]: https://github.com/Automattic/jetpack-assets/compare/v1.17.12...v1.17.13
[1.17.12]: https://github.com/Automattic/jetpack-assets/compare/v1.17.11...v1.17.12
[1.17.11]: https://github.com/Automattic/jetpack-assets/compare/v1.17.10...v1.17.11
[1.17.10]: https://github.com/Automattic/jetpack-assets/compare/v1.17.9...v1.17.10
[1.17.9]: https://github.com/Automattic/jetpack-assets/compare/v1.17.8...v1.17.9
[1.17.8]: https://github.com/Automattic/jetpack-assets/compare/v1.17.7...v1.17.8
[1.17.7]: https://github.com/Automattic/jetpack-assets/compare/v1.17.6...v1.17.7
[1.17.6]: https://github.com/Automattic/jetpack-assets/compare/v1.17.5...v1.17.6
[1.17.5]: https://github.com/Automattic/jetpack-assets/compare/v1.17.4...v1.17.5
[1.17.4]: https://github.com/Automattic/jetpack-assets/compare/v1.17.3...v1.17.4
[1.17.3]: https://github.com/Automattic/jetpack-assets/compare/v1.17.2...v1.17.3
[1.17.2]: https://github.com/Automattic/jetpack-assets/compare/v1.17.1...v1.17.2
[1.17.1]: https://github.com/Automattic/jetpack-assets/compare/v1.17.0...v1.17.1
[1.17.0]: https://github.com/Automattic/jetpack-assets/compare/v1.16.2...v1.17.0
[1.16.2]: https://github.com/Automattic/jetpack-assets/compare/v1.16.1...v1.16.2
[1.16.1]: https://github.com/Automattic/jetpack-assets/compare/v1.16.0...v1.16.1
[1.16.0]: https://github.com/Automattic/jetpack-assets/compare/v1.15.0...v1.16.0
[1.15.0]: https://github.com/Automattic/jetpack-assets/compare/v1.14.0...v1.15.0
[1.14.0]: https://github.com/Automattic/jetpack-assets/compare/v1.13.1...v1.14.0
[1.13.1]: https://github.com/Automattic/jetpack-assets/compare/v1.13.0...v1.13.1
[1.13.0]: https://github.com/Automattic/jetpack-assets/compare/v1.12.0...v1.13.0
[1.12.0]: https://github.com/Automattic/jetpack-assets/compare/v1.11.10...v1.12.0
[1.11.10]: https://github.com/Automattic/jetpack-assets/compare/v1.11.9...v1.11.10
[1.11.9]: https://github.com/Automattic/jetpack-assets/compare/v1.11.8...v1.11.9
[1.11.8]: https://github.com/Automattic/jetpack-assets/compare/v1.11.7...v1.11.8
[1.11.7]: https://github.com/Automattic/jetpack-assets/compare/v1.11.6...v1.11.7
[1.11.6]: https://github.com/Automattic/jetpack-assets/compare/v1.11.5...v1.11.6
[1.11.5]: https://github.com/Automattic/jetpack-assets/compare/v1.11.4...v1.11.5
[1.11.4]: https://github.com/Automattic/jetpack-assets/compare/v1.11.3...v1.11.4
[1.11.3]: https://github.com/Automattic/jetpack-assets/compare/v1.11.2...v1.11.3
[1.11.2]: https://github.com/Automattic/jetpack-assets/compare/v1.11.1...v1.11.2
[1.11.1]: https://github.com/Automattic/jetpack-assets/compare/v1.11.0...v1.11.1
[1.11.0]: https://github.com/Automattic/jetpack-assets/compare/v1.10.0...v1.11.0
[1.10.0]: https://github.com/Automattic/jetpack-assets/compare/v1.9.1...v1.10.0
[1.9.1]: https://github.com/Automattic/jetpack-assets/compare/v1.9.0...v1.9.1
[1.9.0]: https://github.com/Automattic/jetpack-assets/compare/v1.8.0...v1.9.0
[1.8.0]: https://github.com/Automattic/jetpack-assets/compare/v1.7.0...v1.8.0
[1.7.0]: https://github.com/Automattic/jetpack-assets/compare/v1.6.0...v1.7.0
[1.6.0]: https://github.com/Automattic/jetpack-assets/compare/v1.5.0...v1.6.0
[1.5.0]: https://github.com/Automattic/jetpack-assets/compare/v1.4.0...v1.5.0
[1.4.0]: https://github.com/Automattic/jetpack-assets/compare/v1.3.0...v1.4.0
[1.3.0]: https://github.com/Automattic/jetpack-assets/compare/v1.2.0...v1.3.0
[1.2.0]: https://github.com/Automattic/jetpack-assets/compare/v1.1.1...v1.2.0
[1.1.1]: https://github.com/Automattic/jetpack-assets/compare/v1.1.0...v1.1.1
[1.1.0]: https://github.com/Automattic/jetpack-assets/compare/v1.0.3...v1.1.0
[1.0.3]: https://github.com/Automattic/jetpack-assets/compare/v1.0.1...v1.0.3
[1.0.1]: https://github.com/Automattic/jetpack-assets/compare/v1.0.0...v1.0.1

357
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-assets/LICENSE.txt
View File

@ -1,357 +0,0 @@
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
===================================
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.

47
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-assets/SECURITY.md
View File

@ -1,47 +0,0 @@
# Security Policy
Full details of the Automattic Security Policy can be found on [automattic.com](https://automattic.com/security/).
## Supported Versions
Generally, only the latest version of Jetpack and its associated plugins have continued support. If a critical vulnerability is found in the current version of a plugin, we may opt to backport any patches to previous versions.
## Reporting a Vulnerability
Our HackerOne program covers the below plugin software, as well as a variety of related projects and infrastructure:
* [Jetpack](https://jetpack.com/)
* Jetpack Backup
* Jetpack Boost
* Jetpack CRM
* Jetpack Protect
* Jetpack Search
* Jetpack Social
* Jetpack VideoPress
**For responsible disclosure of security issues and to be eligible for our bug bounty program, please submit your report via the [HackerOne](https://hackerone.com/automattic) portal.**
Our most critical targets are:
* Jetpack and the Jetpack composer packages (all within this repo)
* Jetpack.com -- the primary marketing site.
* cloud.jetpack.com -- a management site.
* wordpress.com -- the shared management site for both Jetpack and WordPress.com sites.
For more targets, see the `In Scope` section on [HackerOne](https://hackerone.com/automattic).
_Please note that the **WordPress software is a separate entity** from Automattic. Please report vulnerabilities for WordPress through [the WordPress Foundation's HackerOne page](https://hackerone.com/wordpress)._
## Guidelines
We're committed to working with security researchers to resolve the vulnerabilities they discover. You can help us by following these guidelines:
* Follow [HackerOne's disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).
* Pen-testing Production:
* Please **setup a local environment** instead whenever possible. Most of our code is open source (see above).
* If that's not possible, **limit any data access/modification** to the bare minimum necessary to reproduce a PoC.
* **_Don't_ automate form submissions!** That's very annoying for us, because it adds extra work for the volunteers who manage those systems, and reduces the signal/noise ratio in our communication channels.
* To be eligible for a bounty, all of these guidelines must be followed.
* Be Patient - Give us a reasonable time to correct the issue before you disclose the vulnerability.
We also expect you to comply with all applicable laws. You're responsible to pay any taxes associated with your bounties.

19
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-assets/actions.php
View File

@ -1,19 +0,0 @@
<?php
/**
* Action Hooks for Jetpack Assets module.
*
* @package automattic/jetpack-assets
*/
// If WordPress's plugin API is available already, use it. If not,
// drop data into `$wp_filter` for `WP_Hook::build_preinitialized_hooks()`.
if ( function_exists( 'add_action' ) ) {
add_action( 'wp_default_scripts', array( Automattic\Jetpack\Assets::class, 'wp_default_scripts_hook' ) );
} else {
global $wp_filter;
// phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited
$wp_filter['wp_default_scripts'][10][] = array(
'accepted_args' => 1,
'function' => array( Automattic\Jetpack\Assets::class, 'wp_default_scripts_hook' ),
);
}

1
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-assets/build/i18n-loader.asset.php
View File

@ -1 +0,0 @@
<?php return array('dependencies' => array('wp-i18n'), 'version' => 'b5d2a25bb8ad1698db1c');

1
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-assets/build/i18n-loader.js
View File

File diff suppressed because one or more lines are too long

57
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-assets/composer.json
View File

@ -1,57 +0,0 @@
{
"name": "automattic/jetpack-assets",
"description": "Asset management utilities for Jetpack ecosystem packages",
"type": "jetpack-library",
"license": "GPL-2.0-or-later",
"require": {
"php": ">=7.0",
"automattic/jetpack-constants": "^2.0.1"
},
"require-dev": {
"brain/monkey": "2.6.1",
"yoast/phpunit-polyfills": "1.1.0",
"automattic/jetpack-changelogger": "^4.1.1",
"wikimedia/testing-access-wrapper": "^1.0 || ^2.0 || ^3.0"
},
"suggest": {
"automattic/jetpack-autoloader": "Allow for better interoperability with other plugins that use this package."
},
"autoload": {
"files": [
"actions.php"
],
"classmap": [
"src/"
]
},
"scripts": {
"build-development": [
"pnpm run build"
],
"build-production": [
"pnpm run build-production"
],
"phpunit": [
"./vendor/phpunit/phpunit/phpunit --colors=always"
],
"test-js": [
"pnpm run test"
],
"test-php": [
"@composer phpunit"
]
},
"minimum-stability": "dev",
"prefer-stable": true,
"extra": {
"autotagger": true,
"mirror-repo": "Automattic/jetpack-assets",
"textdomain": "jetpack-assets",
"changelogger": {
"link-template": "https://github.com/Automattic/jetpack-assets/compare/v${old}...v${new}"
},
"branch-alias": {
"dev-trunk": "2.1.x-dev"
}
}
}

754
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-assets/src/class-assets.php
View File

@ -1,754 +0,0 @@
<?php
/**
* Jetpack Assets package.
*
* @package automattic/jetpack-assets
*/
namespace Automattic\Jetpack;
use Automattic\Jetpack\Assets\Semver;
use Automattic\Jetpack\Constants as Jetpack_Constants;
use InvalidArgumentException;
/**
* Class Assets
*/
class Assets {
/**
* Holds all the scripts handles that should be loaded in a deferred fashion.
*
* @var array
*/
private $defer_script_handles = array();
/**
* The singleton instance of this class.
*
* @var Assets
*/
protected static $instance;
/**
* The registered textdomain mappings.
*
* @var array `array( mapped_domain => array( string target_domain, string target_type, string semver, string path_prefix ) )`.
*/
private static $domain_map = array();
/**
* Constructor.
*
* Static-only class, so nothing here.
*/
private function __construct() {}
// ////////////////////
// region Async script loading
/**
* Get the singleton instance of the class.
*
* @return Assets
*/
public static function instance() {
if ( ! isset( self::$instance ) ) {
self::$instance = new Assets();
}
return self::$instance;
}
/**
* A public method for adding the async script.
*
* @deprecated Since 2.1.0, the `strategy` feature should be used instead, with the "defer" setting.
*
* @param string $script_handle Script handle.
*/
public static function add_async_script( $script_handle ) {
_deprecated_function( __METHOD__, '2.1.0' );
wp_script_add_data( $script_handle, 'strategy', 'defer' );
}
/**
* Add an async attribute to scripts that can be loaded deferred.
* https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script
*
* @deprecated Since 2.1.0, the `strategy` feature should be used instead.
*
* @param string $tag The <script> tag for the enqueued script.
* @param string $handle The script's registered handle.
*/
public function script_add_async( $tag, $handle ) {
_deprecated_function( __METHOD__, '2.1.0' );
if ( empty( $this->defer_script_handles ) ) {
return $tag;
}
if ( in_array( $handle, $this->defer_script_handles, true ) ) {
// phpcs:ignore WordPress.WP.EnqueuedResources.NonEnqueuedScript
return preg_replace( '/<script( [^>]*)? src=/i', '<script defer$1 src=', $tag );
}
return $tag;
}
/**
* A helper function that lets you enqueue scripts in an async fashion.
*
* @deprecated Since 2.1.0 - use the strategy feature instead.
*
* @param string $handle Name of the script. Should be unique.
* @param string $min_path Minimized script path.
* @param string $non_min_path Full Script path.
* @param array $deps Array of script dependencies.
* @param bool $ver The script version.
* @param bool $in_footer Should the script be included in the footer.
*/
public static function enqueue_async_script( $handle, $min_path, $non_min_path, $deps = array(), $ver = false, $in_footer = true ) {
_deprecated_function( __METHOD__, '2.1.0' );
$assets_instance = self::instance();
$assets_instance->add_async_script( $handle );
wp_enqueue_script( $handle, self::get_file_url_for_environment( $min_path, $non_min_path ), $deps, $ver, $in_footer );
}
// endregion .
// ////////////////////
// region Utils
/**
* Given a minified path, and a non-minified path, will return
* a minified or non-minified file URL based on whether SCRIPT_DEBUG is set and truthy.
*
* If $package_path is provided, then the minified or non-minified file URL will be generated
* relative to the root package directory.
*
* Both `$min_base` and `$non_min_base` can be either full URLs, or are expected to be relative to the
* root Jetpack directory.
*
* @param string $min_path minified path.
* @param string $non_min_path non-minified path.
* @param string $package_path Optional. A full path to a file inside a package directory
* The URL will be relative to its directory. Default empty.
* Typically this is done by passing __FILE__ as the argument.
*
* @return string The URL to the file
* @since 1.0.3
* @since-jetpack 5.6.0
*/
public static function get_file_url_for_environment( $min_path, $non_min_path, $package_path = '' ) {
$path = ( Jetpack_Constants::is_defined( 'SCRIPT_DEBUG' ) && Jetpack_Constants::get_constant( 'SCRIPT_DEBUG' ) )
? $non_min_path
: $min_path;
/*
* If the path is actually a full URL, keep that.
* We look for a host value, since enqueues are sometimes without a scheme.
*/
$file_parts = wp_parse_url( $path );
if ( ! empty( $file_parts['host'] ) ) {
$url = $path;
} else {
$plugin_path = empty( $package_path ) ? Jetpack_Constants::get_constant( 'JETPACK__PLUGIN_FILE' ) : $package_path;
$url = plugins_url( $path, $plugin_path );
}
/**
* Filters the URL for a file passed through the get_file_url_for_environment function.
*
* @since 1.0.3
*
* @package assets
*
* @param string $url The URL to the file.
* @param string $min_path The minified path.
* @param string $non_min_path The non-minified path.
*/
return apply_filters( 'jetpack_get_file_for_environment', $url, $min_path, $non_min_path );
}
/**
* Passes an array of URLs to wp_resource_hints.
*
* @since 1.5.0
*
* @param string|array $urls URLs to hint.
* @param string $type One of the supported resource types: dns-prefetch (default), preconnect, prefetch, or prerender.
*/
public static function add_resource_hint( $urls, $type = 'dns-prefetch' ) {
add_filter(
'wp_resource_hints',
function ( $hints, $resource_type ) use ( $urls, $type ) {
if ( $resource_type === $type ) {
// Type casting to array required since the function accepts a single string.
foreach ( (array) $urls as $url ) {
$hints[] = $url;
}
}
return $hints;
},
10,
2
);
}
/**
* Serve a WordPress.com static resource via a randomized wp.com subdomain.
*
* @since 1.9.0
*
* @param string $url WordPress.com static resource URL.
*
* @return string $url
*/
public static function staticize_subdomain( $url ) {
// Extract hostname from URL.
$host = wp_parse_url( $url, PHP_URL_HOST );
// Explode hostname on '.'.
$exploded_host = explode( '.', $host );
// Retrieve the name and TLD.
if ( count( $exploded_host ) > 1 ) {
$name = $exploded_host[ count( $exploded_host ) - 2 ];
$tld = $exploded_host[ count( $exploded_host ) - 1 ];
// Rebuild domain excluding subdomains.
$domain = $name . '.' . $tld;
} else {
$domain = $host;
}
// Array of Automattic domains.
$domains_allowed = array( 'wordpress.com', 'wp.com' );
// Return $url if not an Automattic domain.
if ( ! in_array( $domain, $domains_allowed, true ) ) {
return $url;
}
if ( \is_ssl() ) {
return preg_replace( '|https?://[^/]++/|', 'https://s-ssl.wordpress.com/', $url );
}
/*
* Generate a random subdomain id by taking the modulus of the crc32 value of the URL.
* Valid values are 0, 1, and 2.
*/
$static_counter = abs( crc32( basename( $url ) ) % 3 );
return preg_replace( '|://[^/]+?/|', "://s$static_counter.wp.com/", $url );
}
/**
* Resolve '.' and '..' components in a path or URL.
*
* @since 1.12.0
* @param string $path Path or URL.
* @return string Normalized path or URL.
*/
public static function normalize_path( $path ) {
$parts = wp_parse_url( $path );
if ( ! isset( $parts['path'] ) ) {
return $path;
}
$ret = '';
$ret .= isset( $parts['scheme'] ) ? $parts['scheme'] . '://' : '';
if ( isset( $parts['user'] ) || isset( $parts['pass'] ) ) {
$ret .= isset( $parts['user'] ) ? $parts['user'] : '';
$ret .= isset( $parts['pass'] ) ? ':' . $parts['pass'] : '';
$ret .= '@';
}
$ret .= isset( $parts['host'] ) ? $parts['host'] : '';
$ret .= isset( $parts['port'] ) ? ':' . $parts['port'] : '';
$pp = explode( '/', $parts['path'] );
if ( '' === $pp[0] ) {
$ret .= '/';
array_shift( $pp );
}
$i = 0;
while ( $i < count( $pp ) ) { // phpcs:ignore Squiz.PHP.DisallowSizeFunctionsInLoops.Found
if ( '' === $pp[ $i ] || '.' === $pp[ $i ] || 0 === $i && '..' === $pp[ $i ] ) {
array_splice( $pp, $i, 1 );
} elseif ( '..' === $pp[ $i ] ) {
array_splice( $pp, --$i, 2 );
} else {
++$i;
}
}
$ret .= implode( '/', $pp );
$ret .= isset( $parts['query'] ) ? '?' . $parts['query'] : '';
$ret .= isset( $parts['fragment'] ) ? '#' . $parts['fragment'] : '';
return $ret;
}
// endregion .
// ////////////////////
// region Webpack-built script registration
/**
* Register a Webpack-built script.
*
* Our Webpack-built scripts tend to need a bunch of boilerplate:
* - A call to `Assets::get_file_url_for_environment()` for possible debugging.
* - A call to `wp_register_style()` for extracted CSS, possibly with detection of RTL.
* - Loading of dependencies and version provided by `@wordpress/dependency-extraction-webpack-plugin`.
* - Avoiding WPCom's broken minifier.
*
* This wrapper handles all of that.
*
* @since 1.12.0
* @since 2.1.0 Add a new `strategy` option to leverage WP >= 6.3 script strategy feature. The `async` option is deprecated.
* @param string $handle Name of the script. Should be unique across both scripts and styles.
* @param string $path Minimized script path.
* @param string $relative_to File that `$path` is relative to. Pass `__FILE__`.
* @param array $options Additional options:
* - `asset_path`: (string|null) `.asset.php` to load. Default is to base it on `$path`.
* - `async`: (bool) Set true to register the script as deferred, like `Assets::enqueue_async_script()`. Deprecated in favor of `strategy`.
* - `css_dependencies`: (string[]) Additional style dependencies to queue.
* - `css_path`: (string|null) `.css` to load. Default is to base it on `$path`.
* - `dependencies`: (string[]) Additional script dependencies to queue.
* - `enqueue`: (bool) Set true to enqueue the script immediately.
* - `in_footer`: (bool) Set true to register script for the footer.
* - `media`: (string) Media for the css file. Default 'all'.
* - `minify`: (bool|null) Set true to pass `minify=true` in the query string, or `null` to suppress the normal `minify=false`.
* - `nonmin_path`: (string) Non-minified script path.
* - `strategy`: (string) Specify a script strategy to use, eg. `defer` or `async`. Default is `""`.
* - `textdomain`: (string) Text domain for the script. Required if the script depends on wp-i18n.
* - `version`: (string) Override the version from the `asset_path` file.
* @throws \InvalidArgumentException If arguments are invalid.
*/
public static function register_script( $handle, $path, $relative_to, array $options = array() ) {
if ( substr( $path, -3 ) !== '.js' ) {
throw new \InvalidArgumentException( '$path must end in ".js"' );
}
if ( isset( $options['async'] ) ) {
_deprecated_argument( __METHOD__, '2.1.0', 'The `async` option is deprecated in favor of `strategy`' );
}
$dir = dirname( $relative_to );
$base = substr( $path, 0, -3 );
$options += array(
'asset_path' => "$base.asset.php",
'async' => false,
'css_dependencies' => array(),
'css_path' => "$base.css",
'dependencies' => array(),
'enqueue' => false,
'in_footer' => false,
'media' => 'all',
'minify' => false,
'strategy' => '',
'textdomain' => null,
);
if ( $options['css_path'] && substr( $options['css_path'], -4 ) !== '.css' ) {
throw new \InvalidArgumentException( '$options[\'css_path\'] must end in ".css"' );
}
if ( isset( $options['nonmin_path'] ) ) {
$url = self::get_file_url_for_environment( $path, $options['nonmin_path'], $relative_to );
} else {
$url = plugins_url( $path, $relative_to );
}
$url = self::normalize_path( $url );
if ( null !== $options['minify'] ) {
$url = add_query_arg( 'minify', $options['minify'] ? 'true' : 'false', $url );
}
if ( $options['asset_path'] && file_exists( "$dir/{$options['asset_path']}" ) ) {
$asset = require "$dir/{$options['asset_path']}"; // phpcs:ignore WordPressVIPMinimum.Files.IncludingFile.NotAbsolutePath
$options['dependencies'] = array_merge( $asset['dependencies'], $options['dependencies'] );
$options['css_dependencies'] = array_merge(
array_filter(
$asset['dependencies'],
function ( $d ) {
return wp_style_is( $d, 'registered' );
}
),
$options['css_dependencies']
);
$ver = isset( $options['version'] ) ? $options['version'] : $asset['version'];
} else {
$ver = isset( $options['version'] ) ? $options['version'] : filemtime( "$dir/$path" );
}
if ( $options['async'] && '' === $options['strategy'] ) { // Handle the deprecated `async` option
$options['strategy'] = 'defer';
}
wp_register_script(
$handle,
$url,
$options['dependencies'],
$ver,
array(
'in_footer' => $options['in_footer'],
'strategy' => $options['strategy'],
)
);
if ( $options['textdomain'] ) {
// phpcs:ignore Jetpack.Functions.I18n.DomainNotLiteral
wp_set_script_translations( $handle, $options['textdomain'] );
} elseif ( in_array( 'wp-i18n', $options['dependencies'], true ) ) {
_doing_it_wrong(
__METHOD__,
/* translators: %s is the script handle. */
esc_html( sprintf( __( 'Script "%s" depends on wp-i18n but does not specify "textdomain"', 'jetpack-assets' ), $handle ) ),
''
);
}
if ( $options['css_path'] && file_exists( "$dir/{$options['css_path']}" ) ) {
$csspath = $options['css_path'];
if ( is_rtl() ) {
$rtlcsspath = substr( $csspath, 0, -4 ) . '.rtl.css';
if ( file_exists( "$dir/$rtlcsspath" ) ) {
$csspath = $rtlcsspath;
}
}
$url = self::normalize_path( plugins_url( $csspath, $relative_to ) );
if ( null !== $options['minify'] ) {
$url = add_query_arg( 'minify', $options['minify'] ? 'true' : 'false', $url );
}
wp_register_style( $handle, $url, $options['css_dependencies'], $ver, $options['media'] );
wp_script_add_data( $handle, 'Jetpack::Assets::hascss', true );
} else {
wp_script_add_data( $handle, 'Jetpack::Assets::hascss', false );
}
if ( $options['enqueue'] ) {
self::enqueue_script( $handle );
}
}
/**
* Enqueue a script registered with `Assets::register_script`.
*
* @since 1.12.0
* @param string $handle Name of the script. Should be unique across both scripts and styles.
*/
public static function enqueue_script( $handle ) {
wp_enqueue_script( $handle );
if ( wp_scripts()->get_data( $handle, 'Jetpack::Assets::hascss' ) ) {
wp_enqueue_style( $handle );
}
}
/**
* 'wp_default_scripts' action handler.
*
* This registers the `wp-jp-i18n-loader` script for use by Webpack bundles built with
* `@automattic/i18n-loader-webpack-plugin`.
*
* @since 1.14.0
* @param \WP_Scripts $wp_scripts WP_Scripts instance.
*/
public static function wp_default_scripts_hook( $wp_scripts ) {
$data = array(
'baseUrl' => false,
'locale' => determine_locale(),
'domainMap' => array(),
'domainPaths' => array(),
);
$lang_dir = Jetpack_Constants::get_constant( 'WP_LANG_DIR' );
$content_dir = Jetpack_Constants::get_constant( 'WP_CONTENT_DIR' );
$abspath = Jetpack_Constants::get_constant( 'ABSPATH' );
// Note: str_starts_with() is not used here, as wp-includes/compat.php may not be loaded at this point.
if ( strpos( $lang_dir, $content_dir ) === 0 ) {
$data['baseUrl'] = content_url( substr( trailingslashit( $lang_dir ), strlen( trailingslashit( $content_dir ) ) ) );
} elseif ( strpos( $lang_dir, $abspath ) === 0 ) {
$data['baseUrl'] = site_url( substr( trailingslashit( $lang_dir ), strlen( untrailingslashit( $abspath ) ) ) );
}
foreach ( self::$domain_map as $from => list( $to, $type, , $path ) ) {
$data['domainMap'][ $from ] = ( 'core' === $type ? '' : "{$type}/" ) . $to;
if ( '' !== $path ) {
$data['domainPaths'][ $from ] = trailingslashit( $path );
}
}
/**
* Filters the i18n state data for use by Webpack bundles built with
* `@automattic/i18n-loader-webpack-plugin`.
*
* @since 1.14.0
* @package assets
* @param array $data The state data to generate. Expected fields are:
* - `baseUrl`: (string|false) The URL to the languages directory. False if no URL could be determined.
* - `locale`: (string) The locale for the page.
* - `domainMap`: (string[]) A mapping from Composer package textdomains to the corresponding
* `plugins/textdomain` or `themes/textdomain` (or core `textdomain`, but that's unlikely).
* - `domainPaths`: (string[]) A mapping from Composer package textdomains to the corresponding package
* paths.
*/
$data = apply_filters( 'jetpack_i18n_state', $data );
// Can't use self::register_script(), this action is called too early.
if ( file_exists( __DIR__ . '/../build/i18n-loader.asset.php' ) ) {
$path = '../build/i18n-loader.js';
$asset = require __DIR__ . '/../build/i18n-loader.asset.php';
} else {
$path = 'js/i18n-loader.js';
$asset = array(
'dependencies' => array( 'wp-i18n' ),
'version' => filemtime( __DIR__ . "/$path" ),
);
}
$url = self::normalize_path( plugins_url( $path, __FILE__ ) );
$url = add_query_arg( 'minify', 'true', $url );
$wp_scripts->add( 'wp-jp-i18n-loader', $url, $asset['dependencies'], $asset['version'] );
if ( ! is_array( $data ) ||
! isset( $data['baseUrl'] ) || ! ( is_string( $data['baseUrl'] ) || false === $data['baseUrl'] ) ||
! isset( $data['locale'] ) || ! is_string( $data['locale'] ) ||
! isset( $data['domainMap'] ) || ! is_array( $data['domainMap'] ) ||
! isset( $data['domainPaths'] ) || ! is_array( $data['domainPaths'] )
) {
$wp_scripts->add_inline_script( 'wp-jp-i18n-loader', 'console.warn( "I18n state deleted by jetpack_i18n_state hook" );' );
} elseif ( ! $data['baseUrl'] ) {
$wp_scripts->add_inline_script( 'wp-jp-i18n-loader', 'console.warn( "Failed to determine languages base URL. Is WP_LANG_DIR in the WordPress root?" );' );
} else {
$data['domainMap'] = (object) $data['domainMap']; // Ensure it becomes a json object.
$data['domainPaths'] = (object) $data['domainPaths']; // Ensure it becomes a json object.
$wp_scripts->add_inline_script( 'wp-jp-i18n-loader', 'wp.jpI18nLoader.state = ' . wp_json_encode( $data, JSON_UNESCAPED_SLASHES ) . ';' );
}
// Deprecated state module: Depend on wp-i18n to ensure global `wp` exists and because anything needing this will need that too.
$wp_scripts->add( 'wp-jp-i18n-state', false, array( 'wp-deprecated', 'wp-jp-i18n-loader' ) );
$wp_scripts->add_inline_script( 'wp-jp-i18n-state', 'wp.deprecated( "wp-jp-i18n-state", { alternative: "wp-jp-i18n-loader" } );' );
$wp_scripts->add_inline_script( 'wp-jp-i18n-state', 'wp.jpI18nState = wp.jpI18nLoader.state;' );
}
// endregion .
// ////////////////////
// region Textdomain aliasing
/**
* Register a textdomain alias.
*
* Composer packages included in plugins will likely not use the textdomain of the plugin, while
* WordPress's i18n infrastructure will include the translations in the plugin's domain. This
* allows for mapping the package's domain to the plugin's.
*
* Since multiple plugins may use the same package, we include the package's version here so
* as to choose the most recent translations (which are most likely to match the package
* selected by jetpack-autoloader).
*
* @since 1.15.0
* @param string $from Domain to alias.
* @param string $to Domain to alias it to.
* @param string $totype What is the target of the alias: 'plugins', 'themes', or 'core'.
* @param string $ver Version of the `$from` domain.
* @param string $path Path to prepend when lazy-loading from JavaScript.
* @throws InvalidArgumentException If arguments are invalid.
*/
public static function alias_textdomain( $from, $to, $totype, $ver, $path = '' ) {
if ( ! in_array( $totype, array( 'plugins', 'themes', 'core' ), true ) ) {
throw new InvalidArgumentException( 'Type must be "plugins", "themes", or "core"' );
}
if (
did_action( 'wp_default_scripts' ) &&
// Don't complain during plugin activation.
! defined( 'WP_SANDBOX_SCRAPING' )
) {
_doing_it_wrong(
__METHOD__,
sprintf(
/* translators: 1: wp_default_scripts. 2: Name of the domain being aliased. */
esc_html__( 'Textdomain aliases should be registered before the %1$s hook. This notice was triggered by the %2$s domain.', 'jetpack-assets' ),
'<code>wp_default_scripts</code>',
'<code>' . esc_html( $from ) . '</code>'
),
''
);
}
if ( empty( self::$domain_map[ $from ] ) ) {
self::init_domain_map_hooks( $from, array() === self::$domain_map );
self::$domain_map[ $from ] = array( $to, $totype, $ver, $path );
} elseif ( Semver::compare( $ver, self::$domain_map[ $from ][2] ) > 0 ) {
self::$domain_map[ $from ] = array( $to, $totype, $ver, $path );
}
}
/**
* Register textdomain aliases from a mapping file.
*
* The mapping file is simply a PHP file that returns an array
* with the following properties:
* - 'domain': String, `$to`
* - 'type': String, `$totype`
* - 'packages': Array, mapping `$from` to `array( 'path' => $path, 'ver' => $ver )` (or to the string `$ver` for back compat).
*
* @since 1.15.0
* @param string $file Mapping file.
*/
public static function alias_textdomains_from_file( $file ) {
$data = require $file;
foreach ( $data['packages'] as $from => $fromdata ) {
if ( ! is_array( $fromdata ) ) {
$fromdata = array(
'path' => '',
'ver' => $fromdata,
);
}
self::alias_textdomain( $from, $data['domain'], $data['type'], $fromdata['ver'], $fromdata['path'] );
}
}
/**
* Register the hooks for textdomain aliasing.
*
* @param string $domain Domain to alias.
* @param bool $firstcall If this is the first call.
*/
private static function init_domain_map_hooks( $domain, $firstcall ) {
// If WordPress's plugin API is available already, use it. If not,
// drop data into `$wp_filter` for `WP_Hook::build_preinitialized_hooks()`.
if ( function_exists( 'add_filter' ) ) {
$add_filter = 'add_filter';
} else {
$add_filter = function ( $hook_name, $callback, $priority = 10, $accepted_args = 1 ) {
global $wp_filter;
// phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited
$wp_filter[ $hook_name ][ $priority ][] = array(
'accepted_args' => $accepted_args,
'function' => $callback,
);
};
}
$add_filter( "gettext_{$domain}", array( self::class, 'filter_gettext' ), 10, 3 );
$add_filter( "ngettext_{$domain}", array( self::class, 'filter_ngettext' ), 10, 5 );
$add_filter( "gettext_with_context_{$domain}", array( self::class, 'filter_gettext_with_context' ), 10, 4 );
$add_filter( "ngettext_with_context_{$domain}", array( self::class, 'filter_ngettext_with_context' ), 10, 6 );
if ( $firstcall ) {
$add_filter( 'load_script_translation_file', array( self::class, 'filter_load_script_translation_file' ), 10, 3 );
}
}
/**
* Filter for `gettext`.
*
* @since 1.15.0
* @param string $translation Translated text.
* @param string $text Text to translate.
* @param string $domain Text domain.
* @return string Translated text.
*/
public static function filter_gettext( $translation, $text, $domain ) {
if ( $translation === $text ) {
// phpcs:ignore WordPress.WP.I18n
$newtext = __( $text, self::$domain_map[ $domain ][0] );
if ( $newtext !== $text ) {
return $newtext;
}
}
return $translation;
}
/**
* Filter for `ngettext`.
*
* @since 1.15.0
* @param string $translation Translated text.
* @param string $single The text to be used if the number is singular.
* @param string $plural The text to be used if the number is plural.
* @param string $number The number to compare against to use either the singular or plural form.
* @param string $domain Text domain.
* @return string Translated text.
*/
public static function filter_ngettext( $translation, $single, $plural, $number, $domain ) {
if ( $translation === $single || $translation === $plural ) {
// phpcs:ignore WordPress.WP.I18n
$translation = _n( $single, $plural, $number, self::$domain_map[ $domain ][0] );
}
return $translation;
}
/**
* Filter for `gettext_with_context`.
*
* @since 1.15.0
* @param string $translation Translated text.
* @param string $text Text to translate.
* @param string $context Context information for the translators.
* @param string $domain Text domain.
* @return string Translated text.
*/
public static function filter_gettext_with_context( $translation, $text, $context, $domain ) {
if ( $translation === $text ) {
// phpcs:ignore WordPress.WP.I18n
$translation = _x( $text, $context, self::$domain_map[ $domain ][0] );
}
return $translation;
}
/**
* Filter for `ngettext_with_context`.
*
* @since 1.15.0
* @param string $translation Translated text.
* @param string $single The text to be used if the number is singular.
* @param string $plural The text to be used if the number is plural.
* @param string $number The number to compare against to use either the singular or plural form.
* @param string $context Context information for the translators.
* @param string $domain Text domain.
* @return string Translated text.
*/
public static function filter_ngettext_with_context( $translation, $single, $plural, $number, $context, $domain ) {
if ( $translation === $single || $translation === $plural ) {
// phpcs:ignore WordPress.WP.I18n
$translation = _nx( $single, $plural, $number, $context, self::$domain_map[ $domain ][0] );
}
return $translation;
}
/**
* Filter for `load_script_translation_file`.
*
* @since 1.15.0
* @param string|false $file Path to the translation file to load. False if there isn't one.
* @param string $handle Name of the script to register a translation domain to.
* @param string $domain The text domain.
*/
public static function filter_load_script_translation_file( $file, $handle, $domain ) {
if ( false !== $file && isset( self::$domain_map[ $domain ] ) && ! is_readable( $file ) ) {
// Determine the part of the filename after the domain.
$suffix = basename( $file );
$l = strlen( $domain );
if ( substr( $suffix, 0, $l ) !== $domain || '-' !== $suffix[ $l ] ) {
return $file;
}
$suffix = substr( $suffix, $l );
$lang_dir = Jetpack_Constants::get_constant( 'WP_LANG_DIR' );
// Look for replacement files.
list( $newdomain, $type ) = self::$domain_map[ $domain ];
$newfile = $lang_dir . ( 'core' === $type ? '/' : "/{$type}/" ) . $newdomain . $suffix;
if ( is_readable( $newfile ) ) {
return $newfile;
}
}
return $file;
}
// endregion .
}
// Enable section folding in vim:
// vim: foldmarker=//\ region,//\ endregion foldmethod=marker
// .

121
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-assets/src/class-semver.php
View File

@ -1,121 +0,0 @@
<?php
/**
* Simple semver version handling.
*
* We use this instead of something like `composer/semver` to avoid
* plugins needing to include yet-another dependency package. The
* amount of code we need here is pretty small.
*
* We use this instead of PHP's `version_compare()` because that doesn't
* handle prerelease versions in the way anyone other than PHP devs would
* expect, and silently breaks on various unexpected input.
*
* @package automattic/jetpack-assets
*/
namespace Automattic\Jetpack\Assets;
use InvalidArgumentException;
/**
* Simple semver version handling.
*/
class Semver {
/**
* Parse a semver version.
*
* @param string $version Version.
* @return array With components:
* - major: (int) Major version.
* - minor: (int) Minor version.
* - patch: (int) Patch version.
* - version: (string) Major.minor.patch.
* - prerelease: (string|null) Pre-release string.
* - buildinfo: (string|null) Build metadata string.
* @throws InvalidArgumentException If the version number is not in a recognized format.
*/
public static function parse( $version ) {
// This is slightly looser than the official version from semver.org, in that leading zeros are allowed.
if ( ! preg_match( '/^(?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)(?:-(?P<prerelease>(?:[0-9a-zA-Z-]+)(?:\.(?:[0-9a-zA-Z-]+))*))?(?:\+(?P<buildinfo>[0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$/', $version, $m ) ) {
throw new InvalidArgumentException( "Version number \"$version\" is not in a recognized format." );
}
$info = array(
'major' => (int) $m['major'],
'minor' => (int) $m['minor'],
'patch' => (int) $m['patch'],
'version' => sprintf( '%d.%d.%d', $m['major'], $m['minor'], $m['patch'] ),
'prerelease' => isset( $m['prerelease'] ) && '' !== $m['prerelease'] ? $m['prerelease'] : null,
'buildinfo' => isset( $m['buildinfo'] ) && '' !== $m['buildinfo'] ? $m['buildinfo'] : null,
);
if ( null !== $info['prerelease'] ) {
$sep = '';
$prerelease = '';
foreach ( explode( '.', $info['prerelease'] ) as $part ) {
if ( ctype_digit( $part ) ) {
$part = (int) $part;
}
$prerelease .= $sep . $part;
$sep = '.';
}
$info['prerelease'] = $prerelease;
}
return $info;
}
/**
* Compare two version numbers.
*
* @param string $a First version.
* @param string $b Second version.
* @return int Less than, equal to, or greater than 0 depending on whether `$a` is less than, equal to, or greater than `$b`.
* @throws InvalidArgumentException If the version numbers are not in a recognized format.
*/
public static function compare( $a, $b ) {
$aa = self::parse( $a );
$bb = self::parse( $b );
if ( $aa['major'] !== $bb['major'] ) {
return $aa['major'] - $bb['major'];
}
if ( $aa['minor'] !== $bb['minor'] ) {
return $aa['minor'] - $bb['minor'];
}
if ( $aa['patch'] !== $bb['patch'] ) {
return $aa['patch'] - $bb['patch'];
}
if ( null === $aa['prerelease'] ) {
return null === $bb['prerelease'] ? 0 : 1;
}
if ( null === $bb['prerelease'] ) {
return -1;
}
$aaa = explode( '.', $aa['prerelease'] );
$bbb = explode( '.', $bb['prerelease'] );
$al = count( $aaa );
$bl = count( $bbb );
for ( $i = 0; $i < $al && $i < $bl; $i++ ) {
$a = $aaa[ $i ];
$b = $bbb[ $i ];
if ( ctype_digit( $a ) ) {
if ( ctype_digit( $b ) ) {
if ( (int) $a !== (int) $b ) {
return $a - $b;
}
} else {
return -1;
}
} elseif ( ctype_digit( $b ) ) {
return 1;
} else {
$tmp = strcmp( $a, $b );
if ( 0 !== $tmp ) {
return $tmp;
}
}
}
return $al - $bl;
}
}

76
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-assets/src/js/i18n-loader.js
View File

@ -1,76 +0,0 @@
const i18n = require( '@wordpress/i18n' );
const { default: md5 } = require( 'md5-es' );
const locationMap = {
plugin: 'plugins/',
theme: 'themes/',
core: '',
};
const hasOwn = ( obj, prop ) => Object.prototype.hasOwnProperty.call( obj, prop );
module.exports = {
state: {
baseUrl: null,
locale: null,
domainMap: {},
domainPaths: {},
},
/**
* Download and register translations for a bundle.
*
* @param {string} path - Bundle path being fetched. May have a query part.
* @param {string} domain - Text domain to register into.
* @param {string} location - Location for the translation: 'plugin', 'theme', or 'core'.
* @returns {Promise} Resolved when the translations are registered, or rejected with an `Error`.
*/
async downloadI18n( path, domain, location ) {
const state = this.state;
if ( ! state || typeof state.baseUrl !== 'string' ) {
throw new Error( 'wp.jpI18nLoader.state is not set' );
}
// "en_US" is the default, no translations are needed.
if ( state.locale === 'en_US' ) {
return;
}
// Check that fetch is available.
if ( typeof fetch === 'undefined' ) {
throw new Error( 'Fetch API is not available.' );
}
// Extract any query part and hash the script name like WordPress does.
const pathPrefix = hasOwn( state.domainPaths, domain ) ? state.domainPaths[ domain ] : '';
let hash, query;
const i = path.indexOf( '?' );
if ( i >= 0 ) {
hash = md5.hash( pathPrefix + path.substring( 0, i ) );
query = path.substring( i );
} else {
hash = md5.hash( pathPrefix + path );
query = '';
}
// Download.
const locationAndDomain = hasOwn( state.domainMap, domain )
? state.domainMap[ domain ]
: locationMap[ location ] + domain;
const res = await fetch(
// prettier-ignore
`${ state.baseUrl }${ locationAndDomain }-${ state.locale }-${ hash }.json${ query }`
);
if ( ! res.ok ) {
throw new Error( `HTTP request failed: ${ res.status } ${ res.statusText }` );
}
const data = await res.json();
// Extract the messages from the file and register them.
const localeData = hasOwn( data.locale_data, domain )
? data.locale_data[ domain ]
: data.locale_data.messages;
localeData[ '' ].domain = domain;
i18n.setLocaleData( localeData, domain );
},
};

36
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-backup-helper-script-manager/CHANGELOG.md
View File

@ -1,36 +0,0 @@
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [0.2.4] - 2024-03-18
### Changed
- Internal updates.
## [0.2.3] - 2024-03-14
### Changed
- Internal updates.
## [0.2.2] - 2024-02-27
### Added
- Increasing backup version for new endpoint [#35649]
## [0.2.1] - 2024-02-08
### Fixed
- Write helper script to ABSPATH by default, just like we did before [#35508]
## [0.2.0] - 2024-01-04
### Fixed
- Backup: Add namespace versioning to Helper_Script_Manager and other classes. [#34739]
## 0.1.0 - 2023-12-13
### Fixed
- Initial release (improved helper script installer logging). [#34297]
[0.2.4]: https://github.com/Automattic/jetpack-backup-helper-script-manager/compare/v0.2.3...v0.2.4
[0.2.3]: https://github.com/Automattic/jetpack-backup-helper-script-manager/compare/v0.2.2...v0.2.3
[0.2.2]: https://github.com/Automattic/jetpack-backup-helper-script-manager/compare/v0.2.1...v0.2.2
[0.2.1]: https://github.com/Automattic/jetpack-backup-helper-script-manager/compare/v0.2.0...v0.2.1
[0.2.0]: https://github.com/Automattic/jetpack-backup-helper-script-manager/compare/v0.1.0...v0.2.0

357
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-backup-helper-script-manager/LICENSE.txt
View File

@ -1,357 +0,0 @@
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
===================================
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.

47
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-backup-helper-script-manager/SECURITY.md
View File

@ -1,47 +0,0 @@
# Security Policy
Full details of the Automattic Security Policy can be found on [automattic.com](https://automattic.com/security/).
## Supported Versions
Generally, only the latest version of Jetpack and its associated plugins have continued support. If a critical vulnerability is found in the current version of a plugin, we may opt to backport any patches to previous versions.
## Reporting a Vulnerability
Our HackerOne program covers the below plugin software, as well as a variety of related projects and infrastructure:
* [Jetpack](https://jetpack.com/)
* Jetpack Backup
* Jetpack Boost
* Jetpack CRM
* Jetpack Protect
* Jetpack Search
* Jetpack Social
* Jetpack VideoPress
**For responsible disclosure of security issues and to be eligible for our bug bounty program, please submit your report via the [HackerOne](https://hackerone.com/automattic) portal.**
Our most critical targets are:
* Jetpack and the Jetpack composer packages (all within this repo)
* Jetpack.com -- the primary marketing site.
* cloud.jetpack.com -- a management site.
* wordpress.com -- the shared management site for both Jetpack and WordPress.com sites.
For more targets, see the `In Scope` section on [HackerOne](https://hackerone.com/automattic).
_Please note that the **WordPress software is a separate entity** from Automattic. Please report vulnerabilities for WordPress through [the WordPress Foundation's HackerOne page](https://hackerone.com/wordpress)._
## Guidelines
We're committed to working with security researchers to resolve the vulnerabilities they discover. You can help us by following these guidelines:
* Follow [HackerOne's disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).
* Pen-testing Production:
* Please **setup a local environment** instead whenever possible. Most of our code is open source (see above).
* If that's not possible, **limit any data access/modification** to the bare minimum necessary to reproduce a PoC.
* **_Don't_ automate form submissions!** That's very annoying for us, because it adds extra work for the volunteers who manage those systems, and reduces the signal/noise ratio in our communication channels.
* To be eligible for a bounty, all of these guidelines must be followed.
* Be Patient - Give us a reasonable time to correct the issue before you disclose the vulnerability.
We also expect you to comply with all applicable laws. You're responsible to pay any taxes associated with your bounties.

51
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-backup-helper-script-manager/composer.json
View File

@ -1,51 +0,0 @@
{
"name": "automattic/jetpack-backup-helper-script-manager",
"description": "Install / delete helper script for backup and transport server. Not visible to site owners.",
"type": "jetpack-library",
"license": "GPL-2.0-or-later",
"require": {
"php": ">=7.0"
},
"require-dev": {
"yoast/phpunit-polyfills": "1.1.0",
"automattic/jetpack-changelogger": "^4.1.2",
"automattic/wordbless": "@dev"
},
"suggest": {
"automattic/jetpack-autoloader": "Allow for better interoperability with other plugins that use this package."
},
"autoload": {
"classmap": [
"src/"
]
},
"scripts": {
"phpunit": [
"./vendor/phpunit/phpunit/phpunit --colors=always"
],
"test-php": [
"@composer phpunit"
],
"post-install-cmd": "WorDBless\\Composer\\InstallDropin::copy",
"post-update-cmd": "WorDBless\\Composer\\InstallDropin::copy"
},
"minimum-stability": "dev",
"prefer-stable": true,
"extra": {
"autotagger": true,
"mirror-repo": "Automattic/jetpack-backup-helper-script-manager",
"changelogger": {
"link-template": "https://github.com/Automattic/jetpack-backup-helper-script-manager/compare/v${old}...v${new}"
},
"branch-alias": {
"dev-trunk": "0.2.x-dev"
}
},
"config": {
"allow-plugins": {
"roots/wordpress-core-installer": true,
"automattic/jetpack-autoloader": true,
"automattic/jetpack-composer-plugin": true
}
}
}

620
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-backup-helper-script-manager/src/class-helper-script-manager-impl.php
View File

@ -1,620 +0,0 @@
<?php
/**
* The Jetpack Backup Helper Script Manager class (implementation).
*
* @package automattic/jetpack-backup
*/
// After changing this file, consider increasing the version number ("VXXX") in all the files using this namespace, in
// order to ensure that the specific version of this file always get loaded. Otherwise, Jetpack autoloader might decide
// to load an older/newer version of the class (if, for example, both the standalone and bundled versions of the plugin
// are installed, or in some other cases).
namespace Automattic\Jetpack\Backup\V0003;
use Exception;
use WP_Error;
use function content_url;
use function get_site_url;
use function is_wp_error;
use function set_url_scheme;
use function trailingslashit;
use function wp_generate_password;
use function wp_http_validate_url;
use function wp_schedule_single_event;
use function wp_upload_dir;
use const ABSPATH;
use const WP_CONTENT_DIR;
/**
* Manage installation, deletion and cleanup of Helper Scripts to assist with backing up Jetpack Sites.
*
* Does *not* use WP_Filesystem, because if there are permissions issues between the webserver's user and the FTP/SSH
* user, then we'll just install the helper script and do a backup/restore using FTP/SSH credentials (that we collect
* ourselves), without using WP_Filesystem in any way.
*
* Also, if we can't write that helper script somewhere (due to writes being inaccessible to the webserver's user, or
* for other reasons), we want to know about it (in the form of an error response), instead of having that helper
* script silently uploaded via FTP/SFTP, so that we could fall back to a backup/restore using credentials.
*
* Lastly, PHP provides us with better error reporting than WP_Filesystem.
*/
class Helper_Script_Manager_Impl {
/**
* Name of a directory that will be created for storing the helper script.
*/
const TEMP_DIRECTORY = 'jetpack-temp';
/**
* How long until the helper script will "expire" and refuse taking requests, in seconds.
*/
const EXPIRY_TIME = 60 * 60 * 8;
/**
* Maximum size of the helper script, in bytes.
*/
const MAX_FILESIZE = 1024 * 1024;
/**
* Associative array of possible places to install a jetpack-temp directory, along with the URL to access each.
*
* Keys specify the full path of install locations, and values point to the equivalent URL.
*
* If null, then install locations will be determined dynamically at the point of an install.
*
* @var array|null
*/
protected $custom_install_locations;
/**
* Filenames to ignore in scandir()'s return value.
*
* @var string[]
*/
protected $scandir_ignored_names = array( '.', '..' );
/**
* Header that the helper script is expected to start with.
*/
const HELPER_HEADER = "<?php /* Jetpack Backup Helper Script */\n";
/**
* Lines that will be written to README in the helper directory.
*/
const README_LINES = array(
'These files have been put on your server by Jetpack to assist with backups, restores, and scans of your ' .
'site content. They are cleaned up automatically when we no longer need them.',
'If you no longer have Jetpack connected to your site, you can delete them manually.',
'If you have questions or need assistance, please contact Jetpack Support at https://jetpack.com/support/',
'If you like to build amazing things with WordPress, you should visit automattic.com/jobs and apply to join ' .
'the fun mention this file when you apply!',
);
/**
* Data that will be written to index.php in the helper directory.
*/
const INDEX_FILE = '<?php // Silence is golden';
/**
* Create Helper Script Manager.
*
* @param array|null $custom_install_locations Associative array of possible places to install a jetpack-temp
* directory, along with the URL to access each.
*/
public function __construct( $custom_install_locations = null ) {
$this->custom_install_locations = $custom_install_locations;
}
/**
* Get either the default install locations, or the ones configured in the constructor.
*
* Has to be done late, i.e. can't be done in constructor, because in __construct() not all constants / functions
* might be available.
*
* @return array<string, string|WP_Error> Array with keys specifying the full path of install locations, and values
* either pointing to the equivalent URL, or being WP_Error if a specific path is not accessible.
*/
public function install_locations() {
if ( $this->custom_install_locations !== null ) {
return $this->custom_install_locations;
}
$abspath_url = get_site_url();
$locations = array();
// Prioritize ABSPATH first, because even though ABSPATH constant's value might be weird sometimes, it's the
// path where the PHP scripts will be most likely be able to get executed.
try {
if ( Throw_On_Errors::t_is_dir( ABSPATH ) ) {
$abspath_dir = Throw_On_Errors::t_realpath( ABSPATH );
$locations[ $abspath_dir ] = $abspath_url;
}
} catch ( Exception $exception ) {
$locations[ ABSPATH ] = new WP_Error(
'abspath_missing',
'Unable to access WordPress root "' . ABSPATH . '": ' . $exception->getMessage(),
array( 'status' => 500 )
);
}
try {
if ( Throw_On_Errors::t_is_dir( WP_CONTENT_DIR ) ) {
$wp_content_dir = Throw_On_Errors::t_realpath( WP_CONTENT_DIR );
// Using content_url() instead of WP_CONTENT_URL as it tests for whether we're using SSL.
$wp_content_url = content_url();
// I think we mess up the order in which we load things somewhere in a test, so "wp-content" and
// "wp-content/uploads/" URLs don't actually have the scheme+host part in them.
if ( ! wp_http_validate_url( $wp_content_url ) ) {
$wp_content_url = $abspath_url . $wp_content_url;
}
$locations[ $wp_content_dir ] = $wp_content_url;
}
} catch ( Exception $exception ) {
$locations[ WP_CONTENT_DIR ] = new WP_Error(
'content_path_missing',
'Unable to access content path "' . WP_CONTENT_DIR . '"' . $exception->getMessage(),
array( 'status' => 500 )
);
}
$upload_dir_info = wp_upload_dir();
$wp_uploads_dir = $upload_dir_info['basedir'];
try {
if ( Throw_On_Errors::t_is_dir( $wp_uploads_dir ) ) {
$wp_uploads_dir = Throw_On_Errors::t_realpath( $wp_uploads_dir );
$wp_uploads_url = $upload_dir_info['baseurl'];
// wp_upload_dir() doesn't check for whether we're using SSL:
//
// https://core.trac.wordpress.org/ticket/25449
//
// so set the scheme manually.
$wp_uploads_url = set_url_scheme( $wp_uploads_url );
if ( ! wp_http_validate_url( $wp_uploads_url ) ) {
$wp_uploads_url = $abspath_url . $wp_uploads_url;
}
$locations[ $wp_uploads_dir ] = $wp_uploads_url;
}
} catch ( Exception $exception ) {
$locations[ $wp_uploads_dir ] = new WP_Error(
'uploads_path_missing',
'Unable to access uploads path "' . $wp_uploads_dir . '"' . $exception->getMessage(),
array( 'status' => 500 )
);
}
return $locations;
}
/**
* Installs a Helper Script, and returns its filesystem path and access url.
*
* @param string $script_body Helper Script file contents.
*
* @return array|WP_Error Either an array containing the filesystem path ("path"), the URL ("url") of the helper
* script, and the WordPress root ("abspath"), or an instance of WP_Error.
*/
public function install_helper_script( $script_body ) {
// Check that the script body contains the correct header.
$actual_header = static::string_starts_with_substring( $script_body, static::HELPER_HEADER );
if ( true !== $actual_header ) {
return new WP_Error(
'bad_header',
'Bad helper script header: 0x' . bin2hex( $actual_header ),
array( 'status' => 400 )
);
}
// Refuse to install a Helper Script that is too large.
$helper_script_size = strlen( $script_body );
if ( $helper_script_size > static::MAX_FILESIZE ) {
return new WP_Error(
'too_big',
"Helper script is bigger ($helper_script_size bytes) " .
'than the max. size (' . static::MAX_FILESIZE . ' bytes)',
array( 'status' => 413 )
);
}
// Replace '[wp_path]' in the Helper Script with the WordPress installation location. Allows the Helper Script
// to find WordPress.
$wp_path_marker = '[wp_path]';
try {
$normalized_abspath = addslashes( Throw_On_Errors::t_realpath( ABSPATH ) );
} catch ( Exception $exception ) {
return new WP_Error(
'abspath_missing',
'Error while resolving ABSPATH "' . ABSPATH . '": ' . $exception->getMessage(),
array( 'status' => 500 )
);
}
$script_body = str_replace(
$wp_path_marker,
$normalized_abspath,
$script_body,
$wp_path_marker_replacement_count
);
if ( 0 === $wp_path_marker_replacement_count ) {
return new WP_Error(
'no_wp_path_marker',
"Helper script does not have the '$wp_path_marker' marker",
array( 'status' => 400 )
);
}
$failure_paths_and_reasons = array();
foreach ( $this->install_locations() as $directory => $url ) {
if ( is_wp_error( $url ) ) {
$failure_paths_and_reasons[] = "directory '$directory': " . $url->get_error_message();
continue;
}
try {
$installed = $this->install_to_location_or_throw( $script_body, $directory, $url );
// Always schedule a cleanup run shortly after EXPIRY_TIME.
wp_schedule_single_event(
time() + static::EXPIRY_TIME + 60,
'jetpack_backup_cleanup_helper_scripts'
);
return array(
'path' => $installed['path'],
'url' => $installed['url'],
'abspath' => Throw_On_Errors::t_realpath( ABSPATH ),
);
} catch ( Exception $exception ) {
$failure_paths_and_reasons[] = "directory '$directory' (URL '$url'): " . $exception->getMessage();
}
}
return new WP_Error(
'all_locations_failed',
'Unable to write the helper script to any install locations; ' .
'tried: ' . implode( ';', $failure_paths_and_reasons ),
array( 'status' => 500 )
);
}
/**
* Install helper script to a directory, or throw an exception.
*
* @param string $script_body Helper script's body.
* @param string $directory Candidate directory to create "jetpack-temp" in and write the helper script.
* @param string $url Base URL that the files in a directory are expected to be available at.
*
* @return string[] Array with "path" (location to the installed helper script) and "url"
* (URL of the installed helper script) keys.
* @throws Exception On I/O errors.
*/
protected function install_to_location_or_throw( $script_body, $directory, $url ) {
if ( ! Throw_On_Errors::t_is_writable( $directory ) ) {
throw new Exception( "Directory '$directory' is not writable" );
}
$temp_dir = trailingslashit( $directory ) . static::TEMP_DIRECTORY;
if ( ! Throw_On_Errors::t_is_dir( $temp_dir ) ) {
Throw_On_Errors::t_mkdir( $temp_dir );
}
$readme_path = trailingslashit( $temp_dir ) . 'README';
Throw_On_Errors::t_file_put_contents( $readme_path, implode( "\n\n", static::README_LINES ) );
$index_path = trailingslashit( $temp_dir ) . 'index.php';
Throw_On_Errors::t_file_put_contents( $index_path, static::INDEX_FILE );
$file_key = wp_generate_password( 10, false );
$file_name = 'jp-helper-' . $file_key . '.php';
$file_path = trailingslashit( $temp_dir ) . $file_name;
// Very unlikely, but check nonetheless.
if ( Throw_On_Errors::t_file_exists( $file_path ) ) {
throw new Exception( "Helper script at '$file_path' already exists" );
}
Throw_On_Errors::t_file_put_contents( $file_path, $script_body );
return array(
'path' => $file_path,
'url' => trailingslashit( $url ) . trailingslashit( static::TEMP_DIRECTORY ) . $file_name,
);
}
/**
* Ensure that the helper script is gone (by deleting it, if needed).
*
* @param string $path Path to the helper script to delete.
*
* @return true|WP_Error True if the file helper script is gone (either it got deleted, or it was never there), or
* WP_Error instance on deletion failures.
*/
public function delete_helper_script( $path ) {
try {
$this->delete_helper_script_or_throw( $path );
} catch ( Exception $exception ) {
return new WP_Error(
'deletion_failure',
"Unable to delete helper script at '$path': " . $exception->getMessage(),
array( 'status' => 500 )
);
}
return true;
}
/**
* Ensure that the helper script is gone (by deleting it, if needed), throw an exception on errors.
*
* @param string $path Path to the helper script to delete.
*
* @return void
* @throws Exception On deletion failures.
*/
protected function delete_helper_script_or_throw( $path ) {
if ( ! Throw_On_Errors::t_file_exists( $path ) ) {
return;
}
if ( ! Throw_On_Errors::t_is_readable( $path ) ) {
throw new Exception( "File '$path' is not readable" );
}
if ( ! Throw_On_Errors::t_is_writable( $path ) ) {
throw new Exception( "File '$path' is not writable" );
}
$helper_script_size = Throw_On_Errors::t_filesize( $path );
// Check this file looks like a JPR helper script.
$helper_header_size = strlen( static::HELPER_HEADER );
if ( $helper_script_size < $helper_header_size ) {
throw new Exception(
"Helper script is smaller ($helper_script_size bytes) " .
"than the expected header ($helper_header_size bytes)"
);
}
if ( $helper_script_size > static::MAX_FILESIZE ) {
throw new Exception(
"Helper script is bigger ($helper_script_size bytes) " .
'than the max. size (' . static::MAX_FILESIZE . ' bytes)'
);
}
$actual_header = static::verify_file_header( $path, static::HELPER_HEADER );
if ( true !== $actual_header ) {
throw new Exception( 'Bad helper script header: 0x' . bin2hex( $actual_header ) );
}
Throw_On_Errors::t_unlink( $path );
$this->delete_helper_directory_if_empty( dirname( $path ) );
}
/**
* Search for Helper Scripts that are suspiciously old, and clean them out.
*
* @return true|WP_Error True if all expired helper scripts got cleaned up successfully, or an instance of
* WP_Error if one or more expired helper scripts didn't manage to get cleaned up.
*/
public function cleanup_expired_helper_scripts() {
try {
$this->cleanup_helper_scripts( time() - static::EXPIRY_TIME );
} catch ( Exception $exception ) {
return new WP_Error(
'cleanup_failed',
'Unable to clean up expired helper scripts: ' . $exception->getMessage(),
array( 'status' => 500 )
);
}
return true;
}
/**
* Search for and delete all Helper Scripts. Used during uninstallation.
*
* @return true|WP_Error True if all helper scripts got deleted successfully, or an instance of WP_Error if one or
* more helper scripts didn't manage to get deleted.
*/
public function delete_all_helper_scripts() {
try {
$this->cleanup_helper_scripts();
} catch ( Exception $exception ) {
return new WP_Error(
'cleanup_failed',
'Unable to clean up all helper scripts: ' . $exception->getMessage(),
array( 'status' => 500 )
);
}
return true;
}
/**
* Search for and delete Helper Scripts. If an $expiry_time is specified, only delete Helper Scripts
* with a mtime older than $expiry_time. Otherwise, delete them all.
*
* @param int|null $expiry_time If specified, only delete scripts older than this UNIX timestamp.
*
* @return void
* @throws Exception If one or more helper scripts doesn't manage to get cleaned up.
*/
protected function cleanup_helper_scripts( $expiry_time = null ) {
$error_messages = array();
foreach ( $this->install_locations() as $directory => $url ) {
if ( is_wp_error( $url ) ) {
$error_messages[] = $url->get_error_message();
continue;
}
$temp_dir = trailingslashit( trailingslashit( $directory ) . static::TEMP_DIRECTORY );
if ( Throw_On_Errors::t_is_dir( $temp_dir ) ) {
// Find expired helper scripts and delete them.
$temp_dir_contents = Throw_On_Errors::t_scandir( $temp_dir );
foreach ( $temp_dir_contents as $name ) {
if ( in_array( $name, $this->scandir_ignored_names, true ) ) {
continue;
}
$full_path = $temp_dir . $name;
$last_modified = Throw_On_Errors::t_filemtime( $full_path );
if ( preg_match( '/^jp-helper-.*\.php$/', $name ) ) {
if ( null === $expiry_time || $last_modified < $expiry_time ) {
try {
$this->delete_helper_script_or_throw( $full_path );
} catch ( Exception $exception ) {
$error_messages[] = $exception->getMessage();
}
}
}
}
// Delete the directory if it's empty now.
$this->delete_helper_directory_if_empty( $temp_dir );
}
}
if ( count( $error_messages ) > 0 ) {
throw new Exception(
'Unable to clean up one or more helper scripts: ' . implode( ';', $error_messages )
);
}
}
/**
* Delete a helper script directory if it's empty.
*
* @param string $dir Path to the helper script directory.
*
* @return bool True if the directory is missing, or was empty and got deleted; false if directory still contains
* something and wasn't deleted.
* @throws Exception On I/O errors.
*/
protected function delete_helper_directory_if_empty( $dir ) {
if ( ! Throw_On_Errors::t_is_dir( $dir ) ) {
return true;
}
// Check that the only remaining files are a README and index.php generated by this system.
$allowed_files_and_headers = array(
'README' => static::README_LINES[0],
'index.php' => static::INDEX_FILE,
);
$dir_contents = Throw_On_Errors::t_scandir( $dir );
if ( count( $dir_contents ) > count( $allowed_files_and_headers ) + count( $this->scandir_ignored_names ) ) {
return false;
}
foreach ( $dir_contents as $name ) {
if ( in_array( $name, $this->scandir_ignored_names, true ) ) {
continue;
}
$full_path = trailingslashit( $dir ) . $name;
if ( ! isset( $allowed_files_and_headers[ $name ] ) ) {
return false;
}
// Verify the file starts with the expected contents.
$actual_header = static::verify_file_header( $full_path, $allowed_files_and_headers[ $name ] );
if ( true !== $actual_header ) {
throw new Exception( "Bad header for file '$full_path': 0x" . bin2hex( $actual_header ) );
}
Throw_On_Errors::t_unlink( $full_path );
}
// If the directory is now empty, delete it.
$dir_contents_after_cleanup = Throw_On_Errors::t_scandir( $dir );
if ( count( $dir_contents_after_cleanup ) <= count( $this->scandir_ignored_names ) ) {
Throw_On_Errors::t_rmdir( $dir );
}
return true;
}
/**
* Test if string starts with a substring, and if it doesn't, return the actual prefix.
*
* @param string $string String to search in.
* @param string $expected_prefix Expected prefix.
*
* @return bool|string True if string starts with a substring, or the actual prefix that was found instead of the
* expected prefix.
*/
protected static function string_starts_with_substring( $string, $expected_prefix ) {
$actual_prefix = substr( $string, 0, strlen( $expected_prefix ) );
if ( $actual_prefix !== $expected_prefix ) {
return $actual_prefix;
}
return true;
}
/**
* Verify that a file exists, is readable, and has the expected header.
*
* @param string $path File to verify.
* @param string $expected_header Header that the file should have.
*
* @return bool|string True if header matches, or an actual header if it doesn't match.
* @throws Exception If the file doesn't exist, isn't readable, or is of the wrong size.
*/
protected static function verify_file_header( $path, $expected_header ) {
if ( ! Throw_On_Errors::t_file_exists( $path ) ) {
throw new Exception( "File '$path' does not exist" );
}
if ( ! Throw_On_Errors::t_is_readable( $path ) ) {
throw new Exception( "File '$path' is not readable" );
}
$file_size = Throw_On_Errors::t_filesize( $path );
// Check this file looks like a JPR helper script.
$expected_header_size = strlen( $expected_header );
if ( $file_size < $expected_header_size ) {
throw new Exception(
"File is smaller ($file_size bytes) " .
"than the expected header ($expected_header_size bytes)"
);
}
if ( $file_size > static::MAX_FILESIZE ) {
throw new Exception(
"File is bigger ($file_size bytes) " .
'than the max. size (' . static::MAX_FILESIZE . ' bytes)'
);
}
$file_contents = Throw_On_Errors::t_file_get_contents( $path );
return static::string_starts_with_substring( $file_contents, $expected_header );
}
}

89
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-backup-helper-script-manager/src/class-helper-script-manager.php
View File

@ -1,89 +0,0 @@
<?php
/**
* Jetpack Backup Helper Script Manager class (static wrapper).
*
* @package automattic/jetpack-backup
*/
// After changing this file, consider increasing the version number ("VXXX") in all the files using this namespace, in
// order to ensure that the specific version of this file always get loaded. Otherwise, Jetpack autoloader might decide
// to load an older/newer version of the class (if, for example, both the standalone and bundled versions of the plugin
// are installed, or in some other cases).
namespace Automattic\Jetpack\Backup\V0003;
/**
* Manage installation, deletion and cleanup of Helper Scripts to assist with backing up Jetpack Sites.
*
* A static wrapper around an "implementation" class so that it gets autoloaded late, and we always get the latest
* version of the class instead of a random version of it:
*
* https://github.com/Automattic/jetpack/pull/34297#discussion_r1424227489
*/
class Helper_Script_Manager {
/**
* Instance of helper script manager implementation, or null if not initialized yet.
*
* @var Helper_Script_Manager_Impl|null
*/
protected static $impl = null;
/**
* Initialize an instance of helper script manager implementation (if needed).
*
* @return void
*/
protected static function initialize_impl_if_needed() {
if ( null === static::$impl ) {
static::$impl = new Helper_Script_Manager_Impl();
}
}
/**
* Install a Helper Script, and returns its filesystem path and access url.
*
* @param string $script_body Helper Script file contents.
*
* @return array|\WP_Error Either an array containing the filesystem path ("path"), the URL ("url") of the helper
* script, and the WordPress root ("abspath"), or an instance of WP_Error.
*/
public static function install_helper_script( $script_body ) {
static::initialize_impl_if_needed();
return static::$impl->install_helper_script( $script_body );
}
/**
* Ensure that the helper script is gone (by deleting it, if needed).
*
* @param string $path Path to the helper script to delete.
*
* @return true|\WP_Error True if the file helper script is gone (either it got deleted, or it was never there), or
* WP_Error instance on deletion failures.
*/
public static function delete_helper_script( $path ) {
static::initialize_impl_if_needed();
return static::$impl->delete_helper_script( $path );
}
/**
* Search for Helper Scripts that are suspiciously old, and clean them out.
*
* @return true|\WP_Error True if all expired helper scripts got cleaned up successfully, or an instance of
* WP_Error if one or more expired helper scripts didn't manage to get cleaned up.
*/
public static function cleanup_expired_helper_scripts() {
static::initialize_impl_if_needed();
return static::$impl->cleanup_expired_helper_scripts();
}
/**
* Search for and delete all Helper Scripts. Used during uninstallation.
*
* @return true|\WP_Error True if all helper scripts got deleted successfully, or an instance of WP_Error if one or
* more helper scripts didn't manage to get deleted.
*/
public static function delete_all_helper_scripts() {
static::initialize_impl_if_needed();
return static::$impl->delete_all_helper_scripts();
}
}

496
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-backup-helper-script-manager/src/class-throw-on-errors.php
View File

@ -1,496 +0,0 @@
<?php // phpcs:disable Squiz.Commenting.FileComment.Missing
// phpcs:disable WordPress.PHP.DevelopmentFunctions.prevent_path_disclosure_error_reporting
// phpcs:disable WordPress.PHP.DiscouragedPHPFunctions.runtime_configuration_error_reporting
// phpcs:disable WordPress.PHP.IniSet.display_errors_Disallowed
// After changing this file, consider increasing the version number ("VXXX") in all the files using this namespace, in
// order to ensure that the specific version of this file always get loaded. Otherwise, Jetpack autoloader might decide
// to load an older/newer version of the class (if, for example, both the standalone and bundled versions of the plugin
// are installed, or in some other cases).
namespace Automattic\Jetpack\Backup\V0003;
use Exception;
use Throwable;
/**
* Wrappers for functions which throw an exception on errors and warnings instead of silently continuing operation.
*
* PHP is pretty lax with error reporting when doing I/O operations, e.g. a typical I/O helper function returns false,
* null, and/or emits a warning, but the whole PHP application continues operation. It's for the caller of the I/O
* helper function to test the returned result of the function, and notice + act upon I/O errors.
*
* We really want to know about each and every I/O error. Therefore, this class provides wrappers for some common
* (mostly) I/O operations that throw an exception on errors instead of just returning false, null, or something else.
* This wrapper class treats warnings as errors too.
*
* Given that static method names are similar to the ones used by PHP, they're prefixed with "t_" to not erroneously
* trigger various security scanners.
*/
class Throw_On_Errors {
/**
* Execute a callable, throw an exception (together with a descriptive label) on PHP warnings / errors.
*
* @param callable $callable Callable to execute.
* @param string $label Label to add to the thrown exception to clarify what was attempted.
*
* @return mixed Callable's return value, if any.
* @throws Exception On warnings thrown by the callable.
* @noinspection PhpUnusedParameterInspection
*/
private static function throw_on_warnings( $callable, $label ) {
$old_error_reporting = error_reporting( - 1 );
$old_display_errors = ini_set( 'display_errors', 'stderr' );
// phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_set_error_handler
set_error_handler(
/**
* Temporary error handler.
*
* @see https://php-legacy-docs.zend.com/manual/php5/en/function.set-error-handler
* @see https://www.php.net/manual/en/function.set-error-handler.php
*
* @param int $errno Level of the error raised.
* @param string $errstr Error message.
* @param string|null $errfile Filename that the error was raised in.
* @param int|null $errline Line number where the error was raised.
* @param array|null $errcontext Deprecated, unused.
*
* @return never
* @throws Exception
*/
// phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable
function ( $errno, $errstr, $errfile = null, $errline = null, $errcontext = null ) {
throw new Exception( "$errstr (file: $errfile; line: $errline)" );
}
);
$result = null;
$error_message = null;
try {
$result = $callable();
} catch ( Throwable $throwable ) {
$error_message = $throwable->getMessage();
}
restore_error_handler();
ini_set( 'display_errors', $old_display_errors );
error_reporting( $old_error_reporting );
if ( $error_message !== null ) {
throw new Exception( "$label failed: $error_message" );
}
return $result;
}
/**
* Return canonicalized absolute pathname, throw on warnings / errors.
*
* @see https://php-legacy-docs.zend.com/manual/php5/en/function.realpath
* @see https://www.php.net/manual/en/function.realpath.php
*
* @param string $path Path being checked.
*
* @return string Canonicalized absolute pathname
* @throws Exception On invalid parameters, or if realpath() has returned false or thrown warnings.
*/
public static function t_realpath( $path ) {
// PHP 5.x won't complain about parameter being unset, so let's do it ourselves.
if ( ! $path ) {
throw new Exception( 'Filename for realpath() is unset' );
}
$label = "realpath( '$path' )";
$realpath_result = static::throw_on_warnings(
function () use ( $path ) {
return realpath( $path );
},
$label
);
if ( false === $realpath_result ) {
throw new Exception( "Unable to $label" );
}
return $realpath_result;
}
/**
* Check whether a file or directory exists, throw on warnings / errors.
*
* @see https://php-legacy-docs.zend.com/manual/php5/en/function.file-exists
* @see https://www.php.net/manual/en/function.file-exists.php
*
* @param string $filename Path to the file or directory.
*
* @return bool True if the file or directory specified by filename exists; false otherwise.
* @throws Exception On invalid parameters, or if file_exists() has thrown warnings.
*/
public static function t_file_exists( $filename ) {
// PHP 5.x won't complain about parameter being unset, so let's do it ourselves.
if ( ! $filename ) {
throw new Exception( 'Filename for file_exists() is unset' );
}
return static::throw_on_warnings(
function () use ( $filename ) {
return file_exists( $filename );
},
"file_exists( '$filename' )"
);
}
/**
* Tell whether the filename (or a directory) is readable, throw on warnings / errors.
*
* @see https://php-legacy-docs.zend.com/manual/php5/en/function.is-readable
* @see https://www.php.net/manual/en/function.is-readable.php
*
* @param string $filename Filename (or directory) to check.
*
* @return bool True if the filename (or a directory) exists and is readable, false otherwise.
* @throws Exception On invalid parameters, or if is_readable() has thrown warnings.
*/
public static function t_is_readable( $filename ) {
// PHP 5.x won't complain about parameter being unset, so let's do it ourselves.
if ( ! $filename ) {
throw new Exception( 'Filename for is_readable() is unset' );
}
return static::throw_on_warnings(
function () use ( $filename ) {
return is_readable( $filename );
},
"is_readable( '$filename' )"
);
}
/**
* Tell whether the filename (or a directory) is writable, throw on warnings / errors.
*
* @see https://php-legacy-docs.zend.com/manual/php5/en/function.is-writable
* @see https://www.php.net/manual/en/function.is-writable.php
*
* @param string $filename Filename (or directory) to check.
*
* @return bool True if the filename (or a directory) exists and is writable, false otherwise.
* @throws Exception On invalid parameters, or if is_writable() has thrown warnings.
*/
public static function t_is_writable( $filename ) {
// PHP 5.x won't complain about parameter being unset, so let's do it ourselves.
if ( ! $filename ) {
throw new Exception( 'Filename for is_writable() is unset' );
}
return static::throw_on_warnings(
function () use ( $filename ) {
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_is_writable
return is_writable( $filename );
},
"is_writable( '$filename' )"
);
}
/**
* Get file size, throw on warnings / errors.
*
* @see https://php-legacy-docs.zend.com/manual/php5/en/function.filesize
* @see https://www.php.net/manual/en/function.filesize.php
*
* @param string $filename Path to the file.
*
* @return int Size of the file in bytes
* @throws Exception On invalid parameters, or if filesize() has thrown warnings.
*/
public static function t_filesize( $filename ) {
// PHP 5.x won't complain about parameter being unset, so let's do it ourselves.
if ( ! $filename ) {
throw new Exception( 'Filename for filesize() is unset' );
}
$label = "filesize( '$filename' )";
$filesize_result = static::throw_on_warnings(
function () use ( $filename ) {
return filesize( $filename );
},
$label
);
if ( false === $filesize_result ) {
throw new Exception( "Unable to $label" );
}
return $filesize_result;
}
/**
* Get file modification time, throw on warnings / errors.
*
* @see https://php-legacy-docs.zend.com/manual/php5/en/function.filemtime
* @see https://www.php.net/manual/en/function.filemtime.php
*
* @param string $filename Path to the file.
*
* @return int The time the file was last modified
* @throws Exception On invalid parameters, or if filemtime() has thrown warnings.
*/
public static function t_filemtime( $filename ) {
// PHP 5.x won't complain about parameter being unset, so let's do it ourselves.
if ( ! $filename ) {
throw new Exception( 'Filename for filemtime() is unset' );
}
$label = "filemtime( '$filename' )";
$filemtime_result = static::throw_on_warnings(
function () use ( $filename ) {
return filemtime( $filename );
},
$label
);
if ( false === $filemtime_result ) {
throw new Exception( "Unable to $label" );
}
return $filemtime_result;
}
/**
* Tell whether the filename is a directory (follow symlinks), throw on warnings / errors.
*
* @see https://php-legacy-docs.zend.com/manual/php5/en/function.is-dir
* @see https://www.php.net/manual/en/function.is-dir.php
*
* @param string $filename Path to the file.
*
* @return bool True if the filename (or the symlink's target) exists and is a directory, false otherwise.
* @throws Exception On invalid parameters, if is_dir() has thrown warnings, or has failed.
*/
public static function t_is_dir( $filename ) {
// PHP 5.x won't complain about parameter being unset, so let's do it ourselves.
if ( ! $filename ) {
throw new Exception( 'Filename for is_dir() is unset' );
}
return static::throw_on_warnings(
function () use ( $filename ) {
return is_dir( $filename );
},
"is_dir( '$filename' )"
);
}
/**
* Make a directory, throw on warnings / errors.
*
* @see https://php-legacy-docs.zend.com/manual/php5/en/function.mkdir
* @see https://www.php.net/manual/en/function.mkdir.php
*
* @param string $directory Directory path.
* @param int $permissions Permissions of the newly created directory.
* @param bool $recursive If true, then any parent directories to the directory specified will also be created,
* with the same permissions.
*
* @return void
* @throws Exception On invalid parameters, if mkdir() has thrown warnings, or has failed.
*/
public static function t_mkdir( $directory, $permissions = 0777, $recursive = false ) {
// PHP 5.x won't complain about permissions being null, so let's do it ourselves.
if ( $permissions === null ) {
throw new Exception( 'Permissions for mkdir() are unset' );
}
$label = "mkdir( '$directory', 0" . decoct( $permissions ) . ', ' . ( $recursive ? 'true' : 'false' ) . ' )';
$mkdir_result = static::throw_on_warnings(
function () use ( $directory, $permissions, $recursive ) {
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_mkdir
return mkdir( $directory, $permissions, $recursive );
},
$label
);
if ( false === $mkdir_result ) {
throw new Exception( "Unable to $label" );
}
}
/**
* List files and directories inside the specified path, throw on warnings / errors.
*
* @see https://php-legacy-docs.zend.com/manual/php5/en/function.scandir
* @see https://www.php.net/manual/en/function.scandir.php
*
* @param string $directory Directory that will be scanned.
*
* @return string An array of filenames.
* @throws Exception If scandir() has thrown warnings, or has failed.
*/
public static function t_scandir( $directory ) {
// PHP 5.x won't complain about parameter being unset, so let's do it ourselves.
if ( ! $directory ) {
throw new Exception( 'Directory for scandir() is unset' );
}
$label = "scandir( '$directory' )";
$scandir_result = static::throw_on_warnings(
function () use ( $directory ) {
return scandir( $directory );
},
$label
);
if ( false === $scandir_result ) {
throw new Exception( "Unable to $label" );
}
return $scandir_result;
}
/**
* Remove a directory, throw on warnings / errors.
*
* @see https://php-legacy-docs.zend.com/manual/php5/en/function.rmdir
* @see https://www.php.net/manual/en/function.rmdir.php
*
* @param string $directory Directory path.
*
* @return void
* @throws Exception On invalid parameters, if rmdir() has thrown warnings, or has failed.
*/
public static function t_rmdir( $directory ) {
// PHP 5.x won't complain about parameter being unset, so let's do it ourselves.
if ( ! $directory ) {
throw new Exception( 'Directory for mkdir() is unset' );
}
$label = "rmdir( '$directory' )";
$rmdir_result = static::throw_on_warnings(
function () use ( $directory ) {
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_rmdir
return rmdir( $directory );
},
$label
);
if ( false === $rmdir_result ) {
throw new Exception( "Unable to $label" );
}
}
/**
* Delete a file, throw on warnings / errors.
*
* @see https://php-legacy-docs.zend.com/manual/php5/en/function.unlink
* @see https://www.php.net/manual/en/function.unlink.php
*
* @param string $filename Path to the file.
*
* @return void
* @throws Exception If unlink() has thrown warnings, or has failed.
*/
public static function t_unlink( $filename ) {
$label = "unlink( '$filename' )";
$unlink_result = static::throw_on_warnings(
function () use ( $filename ) {
// phpcs:ignore WordPress.WP.AlternativeFunctions.unlink_unlink
return unlink( $filename );
},
$label
);
if ( false === $unlink_result ) {
throw new Exception( "Unable to $label" );
}
}
/**
* Write data to a file, throw on warnings / errors.
*
* @see https://php-legacy-docs.zend.com/manual/php5/en/function.file-put-contents
* @see https://www.php.net/manual/en/function.file-put-contents.php
*
* @param string $filename Path to the file where to write the data.
* @param string $data The data to write.
*
* @return void
* @throws Exception If file_put_contents() has thrown warnings, has failed, or if it didn't write all the bytes.
*/
public static function t_file_put_contents( $filename, $data ) {
// PHP 5.x won't complain about parameter being unset, so let's do it ourselves.
if ( ! $filename ) {
throw new Exception( 'Filename for file_put_contents() is unset' );
}
if ( $data === null ) {
throw new Exception( 'Data to write is null' );
}
$data_length = strlen( $data );
$label = "file_put_contents( '$filename', $data_length bytes of data )";
$number_of_bytes_written = static::throw_on_warnings(
function () use ( $filename, $data ) {
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_file_put_contents
return file_put_contents( $filename, $data );
},
$label
);
if ( false === $number_of_bytes_written ) {
throw new Exception( "Unable to $label" );
}
if ( $number_of_bytes_written !== $data_length ) {
throw new Exception(
"$label was expected to write $data_length bytes, but wrote $number_of_bytes_written bytes"
);
}
}
/**
* Read entire file into a string, throw on warnings / errors.
*
* @see https://php-legacy-docs.zend.com/manual/php5/en/function.file-get-contents
* @see https://www.php.net/manual/en/function.file-get-contents.php
*
* @param string $filename Name of the file to read.
*
* @return string The read data.
* @throws Exception If file_get_contents() has thrown warnings, or has failed.
*/
public static function t_file_get_contents( $filename ) {
// PHP 5.x won't complain about parameter being unset, so let's do it ourselves.
if ( ! $filename ) {
throw new Exception( 'Filename for file_get_contents() is unset' );
}
$label = "file_get_contents( '$filename' )";
$file_get_contents_result = static::throw_on_warnings(
function () use ( $filename ) {
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents
return file_get_contents( $filename );
},
$label
);
if ( false === $file_get_contents_result ) {
throw new Exception( "Unable to $label" );
}
return $file_get_contents_result;
}
}

60
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-boost-core/CHANGELOG.md
View File

@ -1,60 +0,0 @@
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [0.2.5] - 2024-03-14
### Changed
- Internal updates.
## [0.2.4] - 2024-01-25
### Fixed
- Chage get_client() visibility so that older versions of boost do not break. [#35240]
## [0.2.3] - 2024-01-22
### Added
- Send current boost version with API requests to handle requests accordingly [#35132]
### Changed
- Jetpack Boost: Use ARRAY_A when decoding from JSON [#35062]
## [0.2.2] - 2023-11-24
### Changed
- Replaced usage of strpos() with str_contains(). [#34137]
- Replaced usage of substr() with str_starts_with() and str_ends_with(). [#34207]
## [0.2.1] - 2023-11-21
### Fixed
- Made abstract static methods in `Automattic\Jetpack\Boost_Core\Lib\Cacheable` abstract, instead of being implemented to always throw. [#34220]
## [0.2.0] - 2023-11-20
### Changed
- Updated required PHP version to >= 7.0. [#34192]
## [0.1.3] - 2023-09-19
- Minor internal updates.
## [0.1.2] - 2023-09-01
### Fixed
- Fix showing default error message and code when parsing cloud response. [#32685]
## [0.1.1] - 2023-08-28
### Changed
- Updated package dependencies. [#32605]
## 0.1.0 - 2023-06-06
### Added
- Introduce new package. [#31163]
[0.2.5]: https://github.com/Automattic/jetpack-boost-core/compare/v0.2.4...v0.2.5
[0.2.4]: https://github.com/Automattic/jetpack-boost-core/compare/v0.2.3...v0.2.4
[0.2.3]: https://github.com/Automattic/jetpack-boost-core/compare/v0.2.2...v0.2.3
[0.2.2]: https://github.com/Automattic/jetpack-boost-core/compare/v0.2.1...v0.2.2
[0.2.1]: https://github.com/Automattic/jetpack-boost-core/compare/v0.2.0...v0.2.1
[0.2.0]: https://github.com/Automattic/jetpack-boost-core/compare/v0.1.3...v0.2.0
[0.1.3]: https://github.com/Automattic/jetpack-boost-core/compare/v0.1.2...v0.1.3
[0.1.2]: https://github.com/Automattic/jetpack-boost-core/compare/v0.1.1...v0.1.2
[0.1.1]: https://github.com/Automattic/jetpack-boost-core/compare/v0.1.0...v0.1.1

357
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-boost-core/LICENSE.txt
View File

@ -1,357 +0,0 @@
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
===================================
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.

47
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-boost-core/SECURITY.md
View File

@ -1,47 +0,0 @@
# Security Policy
Full details of the Automattic Security Policy can be found on [automattic.com](https://automattic.com/security/).
## Supported Versions
Generally, only the latest version of Jetpack and its associated plugins have continued support. If a critical vulnerability is found in the current version of a plugin, we may opt to backport any patches to previous versions.
## Reporting a Vulnerability
Our HackerOne program covers the below plugin software, as well as a variety of related projects and infrastructure:
* [Jetpack](https://jetpack.com/)
* Jetpack Backup
* Jetpack Boost
* Jetpack CRM
* Jetpack Protect
* Jetpack Search
* Jetpack Social
* Jetpack VideoPress
**For responsible disclosure of security issues and to be eligible for our bug bounty program, please submit your report via the [HackerOne](https://hackerone.com/automattic) portal.**
Our most critical targets are:
* Jetpack and the Jetpack composer packages (all within this repo)
* Jetpack.com -- the primary marketing site.
* cloud.jetpack.com -- a management site.
* wordpress.com -- the shared management site for both Jetpack and WordPress.com sites.
For more targets, see the `In Scope` section on [HackerOne](https://hackerone.com/automattic).
_Please note that the **WordPress software is a separate entity** from Automattic. Please report vulnerabilities for WordPress through [the WordPress Foundation's HackerOne page](https://hackerone.com/wordpress)._
## Guidelines
We're committed to working with security researchers to resolve the vulnerabilities they discover. You can help us by following these guidelines:
* Follow [HackerOne's disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).
* Pen-testing Production:
* Please **setup a local environment** instead whenever possible. Most of our code is open source (see above).
* If that's not possible, **limit any data access/modification** to the bare minimum necessary to reproduce a PoC.
* **_Don't_ automate form submissions!** That's very annoying for us, because it adds extra work for the volunteers who manage those systems, and reduces the signal/noise ratio in our communication channels.
* To be eligible for a bounty, all of these guidelines must be followed.
* Be Patient - Give us a reasonable time to correct the issue before you disclose the vulnerability.
We also expect you to comply with all applicable laws. You're responsible to pay any taxes associated with your bounties.

52
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-boost-core/composer.json
View File

@ -1,52 +0,0 @@
{
"name": "automattic/jetpack-boost-core",
"description": "Core functionality for boost and relevant packages to depend on",
"type": "jetpack-library",
"license": "GPL-2.0-or-later",
"require": {
"php": ">=7.0"
},
"require-dev": {
"yoast/phpunit-polyfills": "1.1.0",
"automattic/jetpack-changelogger": "^4.1.1",
"automattic/wordbless": "dev-master"
},
"autoload": {
"classmap": [
"src/"
]
},
"scripts": {
"phpunit": [
"./vendor/phpunit/phpunit/phpunit --colors=always"
],
"test-php": [
"@composer phpunit"
],
"build-production": "echo 'Add your build step to composer.json, please!'",
"build-development": "echo 'Add your build step to composer.json, please!'",
"post-install-cmd": "WorDBless\\Composer\\InstallDropin::copy",
"post-update-cmd": "WorDBless\\Composer\\InstallDropin::copy"
},
"minimum-stability": "dev",
"prefer-stable": true,
"config": {
"allow-plugins": {
"roots/wordpress-core-installer": true
}
},
"extra": {
"mirror-repo": "Automattic/jetpack-boost-core",
"changelogger": {
"link-template": "https://github.com/Automattic/jetpack-boost-core/compare/v${old}...v${new}"
},
"autotagger": true,
"branch-alias": {
"dev-trunk": "0.2.x-dev"
},
"textdomain": "jetpack-boost-core"
},
"suggest": {
"automattic/jetpack-autoloader": "Allow for better interoperability with other plugins that use this package."
}
}

34
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-boost-core/src/contracts/boost-api-client.php
View File

@ -1,34 +0,0 @@
<?php
/**
* Boost API Client interface.
*
* @package automattic/jetpack-boost-core
*/
namespace Automattic\Jetpack\Boost_Core\Contracts;
/**
* An interface to build Boost API client.
*
* Communication with Boost back-end should be done through this interface.
*/
interface Boost_API_Client {
/**
* Submit a request to boost API and return response.
*
* @param string $path - Request path.
* @param mixed[] $payload - Request arguments.
* @return mixed
*/
public function post( $path, $payload = array() );
/**
* Make a get request to boost API and return response.
*
* @param string $path - Request path.
* @param mixed[] $query - Query parameters.
* @return mixed
*/
public function get( $path, $query = array() );
}

110
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-boost-core/src/lib/class-boost-api.php
View File

@ -1,110 +0,0 @@
<?php
/**
* A helper class to help with Boost API interactions.
*
* @package automattic/jetpack-boost-core
*/
namespace Automattic\Jetpack\Boost_Core\Lib;
use Automattic\Jetpack\Boost_Core\Contracts\Boost_API_Client;
/**
* A class that handles the Boost API client.
*
* The communication to the backend is done using this class on top of the Boost_API_Client interface.
*/
class Boost_API {
/**
* The API client instance.
*
* @var Boost_API_Client
*/
private static $api_client;
/**
* Get the API client instance.
*
* @return Boost_API_Client
* @deprecated $$next_version$$ Use get(), and post() directly instead.
*/
public static function get_client() {
return self::get_api_client();
}
/**
* Instantiate the API client.
*
* @return Boost_API_Client
*/
private static function get_api_client() {
if ( ! self::$api_client ) {
$class = apply_filters( 'jetpack_boost_api_client_class', WPCOM_Boost_API_Client::class );
self::$api_client = new $class();
}
return self::$api_client;
}
/**
* Make a get request to boost API and return response.
*
* @param string $path - Request path.
* @param mixed[] $query - Query parameters.
* @param mixed[] $args - Request arguments.
* @return array|\WP_Error
*/
public static function get( $path, $query = array(), $args = null ) {
return self::get_api_client()->get( $path, $query, self::merge_args( $args ) );
}
/**
* Submit a request to boost API and return response.
*
* @param string $path - Request path.
* @param mixed[] $payload - Request arguments.
* @param mixed[] $args - Request arguments.
* @return mixed
*/
public static function post( $path, $payload = array(), $args = null ) {
return self::get_api_client()->post( $path, $payload, self::merge_args( $args ) );
}
/**
* Merge the arguments with the defaults.
*
* @param mixed[] $args - Provided arguments.
* @return mixed[]
*/
private static function merge_args( $args ) {
if ( ! is_array( $args ) ) {
$args = wp_parse_args(
$args,
array(
'headers' => self::default_headers(),
)
);
} else {
$args['headers'] = wp_parse_args( $args['headers'] ?? array(), self::default_headers() );
}
return $args;
}
/**
* Get the default headers to include with each request.
*
* @return string[]
*/
public static function default_headers() {
$headers = array(
'Content-Type' => 'application/json; charset=utf-8',
);
if ( defined( 'JETPACK_BOOST_VERSION' ) ) {
$headers['X-Jetpack-Boost-Version'] = JETPACK_BOOST_VERSION;
}
return $headers;
}
}

134
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-boost-core/src/lib/class-cacheable.php
View File

@ -1,134 +0,0 @@
<?php
/**
* Base abstract class for cacheable value objects.
*
* @package automattic/jetpack-boost-core
*/
namespace Automattic\Jetpack\Boost_Core\Lib;
/**
* Class Cacheable.
*/
abstract class Cacheable implements \JsonSerializable {
/**
* Default cache expiry.
*/
const DEFAULT_EXPIRY = 300; // 5 minutes.
/**
* The ID of this object, if cached as a transient.
*
* @var string|null $cache_id Cache id.
*/
private $cache_id;
/**
* Store the object.
*
* @param int $expiry Expiry in seconds.
*
* @return mixed|void
*/
public function store( $expiry = self::DEFAULT_EXPIRY ) {
if ( ! $this->cache_id ) {
$this->cache_id = $this->generate_cache_id();
}
Transient::set(
static::cache_prefix() . $this->cache_id,
$this->jsonSerialize(),
$expiry
);
return $this->cache_id;
}
/**
* Default implementation for generating cache key. Generates a random ASCII string.
*/
protected function generate_cache_id() {
return wp_generate_password( 20, false );
}
/**
* This is intended to be the reverse of JsonSerializable->jsonSerialize.
*
* @param array $data Serialized data to restore the object from.
*
* @throws \Exception Throw an exception to remind to implement the method in child classes.
*/
abstract public static function jsonUnserialize( $data );
/**
* Fetch an object with the given ID.
*
* @param string $id The object ID.
*
* @return null|mixed
*/
public static function get( $id ) {
$data = Transient::get( static::cache_prefix() . $id, false );
if ( ! $data ) {
return null;
}
$class = get_called_class();
$object = $class::jsonUnserialize( $data, $id );
if ( $object ) {
$object->set_cache_id( $id );
}
return $object;
}
/**
* Set cache id.
*
* This is here so we know how this object was loaded.
*
* @param string $cache_id Cache id.
*/
public function set_cache_id( $cache_id ) {
$this->cache_id = $cache_id;
}
/**
* Getter for the cache ID.
*
* @return string
*/
public function get_cache_id() {
return $this->cache_id;
}
/**
* Delete the cache entry.
*/
public function delete() {
$this->cache_id && static::delete_by_cache_id( $this->cache_id );
}
/**
* Delete all currently cached entries.
*/
public static function clear_cache() {
Transient::delete_by_prefix( static::cache_prefix() );
}
/**
* Delete the cache entry for the given cache id.
*
* @param string $cache_id The cache ID.
*/
public static function delete_by_cache_id( $cache_id ) {
Transient::delete( static::cache_prefix() . $cache_id );
}
/**
* Returns the cache prefix
*
* @throws \Exception Throw an exception to remind to implement the method in child classes.
*/
abstract protected static function cache_prefix();
}

122
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-boost-core/src/lib/class-transient.php
View File

@ -1,122 +0,0 @@
<?php
/**
* Transients for Jetpack Boost.
*
* @package automattic/jetpack-boost-core
*/
namespace Automattic\Jetpack\Boost_Core\Lib;
/**
* Class Transient
*/
class Transient {
const OPTION_PREFIX = 'jb_transient_';
/**
* Get the key with prefix.
*
* @param string $key the key to be prefixed.
*/
public static function key( $key ) {
return static::OPTION_PREFIX . $key;
}
/**
* Updates a cache entry. Creates the cache entry if it doesn't exist.
*
* @param string $key Cache key name.
* @param mixed $value Cache value.
* @param int $expiry Cache expiration in seconds.
*
* @return void
*/
public static function set( $key, $value, $expiry = 0 ) {
if ( 0 === $expiry ) {
$expiry = YEAR_IN_SECONDS;
}
$data = array(
'expire' => time() + $expiry,
'data' => $value,
);
update_option( self::key( $key ), $data, false );
}
/**
* Gets a cache entry.
*
* @param string $key Cache key name.
* @param mixed $default Default value.
*
* @return mixed
*/
public static function get( $key, $default = null ) {
// Ensure everything's there.
$option = get_option( self::key( $key ), $default );
if ( $default === $option || ! isset( $option['expire'] ) || ! isset( $option['data'] )
) {
return $default;
}
// Maybe expire the result instead of returning it.
$expire = $option['expire'];
$data = $option['data'];
if ( false !== $expire && $expire < time() ) {
self::delete( $key );
return $default;
}
return $data;
}
/**
* Delete all `Transient` values with certain prefix from database.
*
* @param string $prefix Cache key prefix.
*/
public static function delete_by_prefix( $prefix ) {
global $wpdb;
/**
* The prefix used in option_name.
*/
$option_prefix = static::key( $prefix );
/**
* LIKE search pattern for the delete query.
*/
$prefix_search_pattern = $wpdb->esc_like( $option_prefix ) . '%';
//phpcs:disable WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching
$option_names = $wpdb->get_col(
$wpdb->prepare(
"
SELECT option_name
FROM $wpdb->options
WHERE `option_name` LIKE %s
",
$prefix_search_pattern
)
);
// phpcs:enable
// Go through each option individually to ensure caches are handled properly.
foreach ( $option_names as $option_name ) {
delete_option( $option_name );
}
}
/**
* Delete a cache entry.
*
* @param string $key Cache key name.
*
* @return void
*/
public static function delete( $key ) {
delete_option( self::key( $key ) );
}
}

96
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-boost-core/src/lib/class-url.php
View File

@ -1,96 +0,0 @@
<?php
/**
* Implement the URL normalizer.
*
* @package automattic/jetpack-boost-core
*/
namespace Automattic\Jetpack\Boost_Core\Lib;
/**
* Class Url
*/
class Url {
const PARAMS_TO_EXCLUDE = array( 'utm_campaign', 'utm_medium', 'utm_source', 'utm_content', 'fbclid', '_ga', 'jb-disable-modules' );
const PARAMS_TO_NORMALIZE = array( 's' => '' );
/**
* Normalize a URL - right now, just make sure it's absolute.
*
* @param string $url The URL.
*
* @return string
*/
public static function normalize( $url ) {
$url = self::normalize_query_args( $url );
if ( '/' === $url[0] ) {
$url = site_url( $url );
}
return rtrim( $url, '/' );
}
/**
* Returns the current URL.
*
* @return string
*/
public static function get_current_url() {
// Fallback to the site URL if we're unable to determine the URL from $_SERVER global.
$current_url = site_url();
if ( isset( $_SERVER ) && is_array( $_SERVER ) ) {
// phpcs:disable WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Sanitization happens at the end
$scheme = isset( $_SERVER['HTTPS'] ) && 'on' === $_SERVER['HTTPS'] ? 'https' : 'http';
$host = ! empty( $_SERVER['HTTP_HOST'] ) ? wp_unslash( $_SERVER['HTTP_HOST'] ) : null;
$path = ! empty( $_SERVER['REQUEST_URI'] ) ? wp_unslash( $_SERVER['REQUEST_URI'] ) : '';
// Support for local plugin development and testing using ngrok.
if ( ! empty( $_SERVER['HTTP_X_ORIGINAL_HOST'] ) && str_contains( $_SERVER['HTTP_X_ORIGINAL_HOST'], 'ngrok.io' ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput -- This is validating.
$host = wp_unslash( $_SERVER['HTTP_X_ORIGINAL_HOST'] );
}
// phpcs:enable WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
if ( $host ) {
$current_url = esc_url_raw( sprintf( '%s://%s%s', $scheme, $host, $path ) );
}
}
return apply_filters( 'jetpack_boost_current_url', $current_url );
}
/**
* Remove and reorder query parameters.
*
* @param string $url URL.
*
* @return string
*/
protected static function normalize_query_args( $url ) {
$exclude_parameters = apply_filters(
'jetpack_boost_excluded_query_parameters',
self::PARAMS_TO_EXCLUDE
);
// Filter out certain parameters that we know don't constitute a different page.
$url = remove_query_arg( $exclude_parameters, $url );
// Extract the query string, sort it and replace it in the current URL.
$parsed_url = wp_parse_url( $url );
if ( ! empty( $parsed_url['query'] ) ) {
parse_str( $parsed_url['query'], $args );
foreach ( self::PARAMS_TO_NORMALIZE as $key => $value ) {
if ( isset( $args[ $key ] ) ) {
$args[ $key ] = $value;
}
}
ksort( $args );
$sorted_query = http_build_query( $args );
$url = str_replace( '?' . $parsed_url['query'], '?' . $sorted_query, $url );
}
return $url;
}
}

145
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-boost-core/src/lib/class-utils.php
View File

@ -1,145 +0,0 @@
<?php
/**
* Utility class.
*
* @package automattic/jetpack-boost-core
*/
namespace Automattic\Jetpack\Boost_Core\Lib;
use Automattic\Jetpack\Connection\Client;
/**
* Class Utils
*/
class Utils {
/**
* Standardize error format.
*
* @param mixed $error Error.
*
* @return array
*/
public static function standardize_error( $error ) {
if ( is_wp_error( $error ) ) {
return array(
'name' => $error->get_error_code(),
'message' => $error->get_error_message(),
);
}
if ( is_string( $error ) ) {
return array(
'name' => 'Error',
'message' => $error,
);
}
if ( is_object( $error ) ) {
return array(
'name' => 'Error',
'message' => json_decode( wp_json_encode( $error ), ARRAY_A ),
);
}
return $error;
}
/**
* Convert relative url to absolute.
*
* @param string $url The URL.
*
* @return string
*/
public static function force_url_to_absolute( $url ) {
if ( str_starts_with( $url, '/' ) ) {
return get_site_url( null, $url );
}
return $url;
}
/**
* Given a post type, look up its label (if available). Returns
* raw post type string if not found.
*
* @param string $post_type Post type to look up.
*
* @return string
*/
public static function get_post_type_label( $post_type ) {
$post_type_object = get_post_type_object( $post_type );
if ( ! $post_type_object ) {
return $post_type;
}
return $post_type_object->labels->name;
}
/**
* Given a taxonomy name, look up its label. Returns raw taxonomy name if
* not found.
*
* @param string $taxonomy_name Taxonomy to look up.
*
* @return string
*/
public static function get_taxonomy_label( $taxonomy_name ) {
$taxonomy = get_taxonomy( $taxonomy_name );
if ( ! $taxonomy ) {
return $taxonomy_name;
}
return $taxonomy->label;
}
/**
* Make a Jetpack-authenticated request to the WPCOM servers
*
* @param string $method Request method.
* @param string $endpoint Endpoint to contact.
* @param array $args Request args.
* @param array $body Request body.
*
* @return \WP_Error|array
*/
public static function send_wpcom_request( $method, $endpoint, $args = null, $body = null ) {
$default_args = array(
'method' => $method,
'headers' => array( 'Content-Type' => 'application/json; charset=utf-8' ),
);
$response = Client::wpcom_json_api_request_as_blog(
$endpoint,
'2',
array_merge( $default_args, empty( $args ) ? array() : $args ),
empty( $body ) ? null : wp_json_encode( $body ),
'wpcom'
);
if ( is_wp_error( $response ) ) {
return $response;
}
// Check for HTTP errors.
$code = wp_remote_retrieve_response_code( $response );
$data = json_decode( wp_remote_retrieve_body( $response ), ARRAY_A );
if ( 200 !== $code ) {
$default_message = sprintf(
/* translators: %d is a numeric HTTP error code */
__( 'HTTP %d while communicating with WordPress.com', 'jetpack-boost-core' ),
$code
);
// phpcs:disable WordPress.NamingConventions.ValidVariableName.UsedPropertyNotSnakeCase
$err_code = empty( $data['statusCode'] ) ? 'http_error' : $data['statusCode'];
$message = empty( $data['error'] ) ? $default_message : $data['error'];
return new \WP_Error( $err_code, $message );
}
return $data;
}
}

63
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-boost-core/src/lib/class-wpcom-boost-api-client.php
View File

@ -1,63 +0,0 @@
<?php
/**
* WPCOM Boost API Client interface.
*
* @package automattic/jetpack-boost-core
*/
namespace Automattic\Jetpack\Boost_Core\Lib;
use Automattic\Jetpack\Boost_Core\Contracts\Boost_API_Client;
/**
* A class that handles the Boost API client.
*
* The communication to the backend is done using this class on top of the Boost_API_Client interface.
*/
class WPCOM_Boost_API_Client implements Boost_API_Client {
/**
* Submit a POST request to boost API and return response.
*
* @param string $path - Request path.
* @param mixed[] $payload - Request payload.
* @param mixed[] $args - Request arguments.
* @return mixed
*/
public function post( $path, $payload = array(), $args = null ) {
return Utils::send_wpcom_request(
'POST',
$this->get_api_path( $path ),
$args,
$payload
);
}
/**
* Make a get request to boost API and return response.
*
* @param string $path - Request path.
* @param mixed[] $query - Query parameters.
* @param mixed[] $args - Request arguments.
* @return mixed
*/
public function get( $path, $query = array(), $args = null ) {
return Utils::send_wpcom_request(
'GET',
add_query_arg( $query, $this->get_api_path( $path ) ),
$args
);
}
/**
* Get the API path for the given path.
*
* @param string $path - Request path.
* @return string
*/
private function get_api_path( $path ) {
$blog_id = (int) \Jetpack_Options::get_option( 'id' );
return sprintf( '/sites/%d/jetpack-boost/%s', $blog_id, $path );
}
}

75
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-boost-speed-score/CHANGELOG.md
View File

@ -1,75 +0,0 @@
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [0.3.7] - 2024-03-18
### Changed
- Internal updates.
## [0.3.6] - 2024-03-14
### Changed
- Internal updates.
## [0.3.5] - 2024-03-01
### Changed
- Add gereric Jetpack_Boost_Modules class for when Boost is uninstalled/not activated. [#36080]
## [0.3.4] - 2024-02-13
### Fixed
- Speed Score: Do not return no-boost score if no boost modules are active [#35327]
## [0.3.3] - 2024-01-22
### Added
- Send current boost version with API requests to handle requests accordingly [#35132]
### Changed
- Jetpack Boost: Use Arrays, not objects [#35062]
## [0.3.2] - 2024-01-15
### Changed
- Internal updates.
## [0.3.1] - 2023-12-14
### Changed
- Internal updates.
## [0.3.0] - 2023-11-20
### Changed
- Updated required PHP version to >= 7.0. [#34192]
## [0.2.2] - 2023-09-19
### Fixed
- Fixed deprecation notice in PHP 8.2. [#33079]
## [0.2.1] - 2023-08-28
### Added
- Add boost speed score history endpoint [#32016]
### Changed
- Updated package dependencies. [#32605]
- Updated package version [#32016]
## [0.2.0] - 2023-06-06
### Changed
- Moved boost core classes to boost-core package [#31163]
- Updated package dependencies. [#31163]
## 0.1.0 - 2023-05-29
### Added
- Add a new package for Boost Speed Score [#30914]
- Add a new argument to `Speed_Score` to identify where the request was made from (e.g. 'boost-plugin', 'jetpack-dashboard', etc). [#31012]
[0.3.7]: https://github.com/Automattic/jetpack-boost-speed-score/compare/v0.3.6...v0.3.7
[0.3.6]: https://github.com/Automattic/jetpack-boost-speed-score/compare/v0.3.5...v0.3.6
[0.3.5]: https://github.com/Automattic/jetpack-boost-speed-score/compare/v0.3.4...v0.3.5
[0.3.4]: https://github.com/Automattic/jetpack-boost-speed-score/compare/v0.3.3...v0.3.4
[0.3.3]: https://github.com/Automattic/jetpack-boost-speed-score/compare/v0.3.2...v0.3.3
[0.3.2]: https://github.com/Automattic/jetpack-boost-speed-score/compare/v0.3.1...v0.3.2
[0.3.1]: https://github.com/Automattic/jetpack-boost-speed-score/compare/v0.3.0...v0.3.1
[0.3.0]: https://github.com/Automattic/jetpack-boost-speed-score/compare/v0.2.2...v0.3.0
[0.2.2]: https://github.com/Automattic/jetpack-boost-speed-score/compare/v0.2.1...v0.2.2
[0.2.1]: https://github.com/Automattic/jetpack-boost-speed-score/compare/v0.2.0...v0.2.1
[0.2.0]: https://github.com/Automattic/jetpack-boost-speed-score/compare/v0.1.0...v0.2.0

357
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-boost-speed-score/LICENSE.txt
View File

@ -1,357 +0,0 @@
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
===================================
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.

47
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-boost-speed-score/SECURITY.md
View File

@ -1,47 +0,0 @@
# Security Policy
Full details of the Automattic Security Policy can be found on [automattic.com](https://automattic.com/security/).
## Supported Versions
Generally, only the latest version of Jetpack and its associated plugins have continued support. If a critical vulnerability is found in the current version of a plugin, we may opt to backport any patches to previous versions.
## Reporting a Vulnerability
Our HackerOne program covers the below plugin software, as well as a variety of related projects and infrastructure:
* [Jetpack](https://jetpack.com/)
* Jetpack Backup
* Jetpack Boost
* Jetpack CRM
* Jetpack Protect
* Jetpack Search
* Jetpack Social
* Jetpack VideoPress
**For responsible disclosure of security issues and to be eligible for our bug bounty program, please submit your report via the [HackerOne](https://hackerone.com/automattic) portal.**
Our most critical targets are:
* Jetpack and the Jetpack composer packages (all within this repo)
* Jetpack.com -- the primary marketing site.
* cloud.jetpack.com -- a management site.
* wordpress.com -- the shared management site for both Jetpack and WordPress.com sites.
For more targets, see the `In Scope` section on [HackerOne](https://hackerone.com/automattic).
_Please note that the **WordPress software is a separate entity** from Automattic. Please report vulnerabilities for WordPress through [the WordPress Foundation's HackerOne page](https://hackerone.com/wordpress)._
## Guidelines
We're committed to working with security researchers to resolve the vulnerabilities they discover. You can help us by following these guidelines:
* Follow [HackerOne's disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).
* Pen-testing Production:
* Please **setup a local environment** instead whenever possible. Most of our code is open source (see above).
* If that's not possible, **limit any data access/modification** to the bare minimum necessary to reproduce a PoC.
* **_Don't_ automate form submissions!** That's very annoying for us, because it adds extra work for the volunteers who manage those systems, and reduces the signal/noise ratio in our communication channels.
* To be eligible for a bounty, all of these guidelines must be followed.
* Be Patient - Give us a reasonable time to correct the issue before you disclose the vulnerability.
We also expect you to comply with all applicable laws. You're responsible to pay any taxes associated with your bounties.

61
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-boost-speed-score/composer.json
View File

@ -1,61 +0,0 @@
{
"name": "automattic/jetpack-boost-speed-score",
"description": "A package that handles the API to generate the speed score.",
"type": "jetpack-library",
"license": "GPL-2.0-or-later",
"require-dev": {
"yoast/phpunit-polyfills": "1.1.0",
"automattic/jetpack-changelogger": "^4.1.2",
"brain/monkey": "^2.6"
},
"autoload-dev": {
"psr-4": {
"Automattic\\Jetpack\\Boost_Speed_Score\\Tests\\": "./tests/php"
}
},
"require": {
"php": ">=7.0",
"automattic/jetpack-boost-core": "^0.2.5"
},
"autoload": {
"classmap": [
"src/"
]
},
"scripts": {
"phpunit": [
"./vendor/phpunit/phpunit/phpunit --colors=always"
],
"test-php": [
"@composer phpunit"
],
"build-production": "echo 'Add your build step to composer.json, please!'",
"build-development": "echo 'Add your build step to composer.json, please!'",
"post-install-cmd": "WorDBless\\Composer\\InstallDropin::copy",
"post-update-cmd": "WorDBless\\Composer\\InstallDropin::copy"
},
"minimum-stability": "dev",
"prefer-stable": true,
"config": {
"allow-plugins": {
"roots/wordpress-core-installer": true
}
},
"extra": {
"mirror-repo": "Automattic/jetpack-boost-speed-score",
"changelogger": {
"link-template": "https://github.com/Automattic/jetpack-boost-speed-score/compare/v${old}...v${new}"
},
"autotagger": true,
"branch-alias": {
"dev-trunk": "0.3.x-dev"
},
"textdomain": "jetpack-boost-speed-score",
"version-constants": {
"::PACKAGE_VERSION": "src/class-speed-score.php"
}
},
"suggest": {
"automattic/jetpack-autoloader": "Allow for better interoperability with other plugins that use this package."
}
}

56
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-boost-speed-score/src/class-jetpack-boost-modules.php
View File

@ -1,56 +0,0 @@
<?php // phpcs:ignore WordPress.Files.FileName.InvalidClassFileName
/**
* Jetpack Boost Active Modules
*
* Since the speed scores API will be used in the Jetpack plugin and in the My Jetpack, if Jetpack Boost
* is uninstalled, all we need is to pass along this placeholder class for the modules that essentially
* tells the API the user doesn't have any Boost modules active.
*
* @package automattic/jetpack/boost_speed_score
*/
namespace Automattic\Jetpack\Boost_Speed_Score;
/**
* Jetpack Boost Modules
*/
class Jetpack_Boost_Modules {
/**
* Holds the singleton instance of the class
*
* @var Jetpack_Boost_Modules
*/
private static $instance = false;
/**
* Singleton
*
* @static
* @return Jetpack_Boost_Modules
*/
public static function init() {
if ( ! self::$instance ) {
self::$instance = new Jetpack_Boost_Modules();
}
return self::$instance;
}
/**
* Returns status of all active boost modules
*
* @return array - An empty array. The user will never have active modules when using the Boost Score API
*/
public function get_status() {
return array();
}
/**
* Returns whether or not the user has active modules
*
* @return false - The user will never have active modules when using the Boost Score API
*/
public function have_enabled_modules() {
return false;
}
}

138
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-boost-speed-score/src/class-speed-score-graph-history-request.php
View File

@ -1,138 +0,0 @@
<?php
/**
* Represents a request to generate an array of speed scores history.
*
* @package automattic/jetpack-boost-speed-score
*/
namespace Automattic\Jetpack\Boost_Speed_Score;
use Automattic\Jetpack\Boost_Core\Lib\Boost_API;
use Automattic\Jetpack\Boost_Core\Lib\Cacheable;
/**
* Class Speed_Score_Graph_History_Request
*/
class Speed_Score_Graph_History_Request extends Cacheable {
/**
* Algorithm to use when defining a hash for the cache.
*/
const CACHE_KEY_HASH_ALGO = 'md5';
/**
* The timestamp start windown in ms.
*
* @var number $start timestamp start windown in ms.
*/
private $start;
/**
* The timestamp end windown in ms.
*
* @var number $end timestamp end windown in ms.
*/
private $end;
/**
* Number of retries attempted.
*
* @var int $retry_count Number of times this Speed Score request has been retried.
*/
private $retry_count;
/**
* The error returned
*
* @var array $error Speed Scores error.
*/
private $error;
/**
* Used when there's an error.
*
* @var string $status Status.
*/
private $status;
/**
* Constructor.
*
* @param number $start timestamp start windown in ms.
* @param number $end timestamp end windown in ms.
* @param array $error Speed Scores error.
*/
public function __construct( $start, $end, $error ) {
$this->start = $start;
$this->end = $end;
$this->error = $error;
$this->retry_count = 0;
}
/**
* Convert this object to a plain array for JSON serialization.
*/
#[\ReturnTypeWillChange]
public function jsonSerialize() {
return array(
'start' => $this->start,
'end' => $this->end,
'error' => $this->error,
'retry_count' => $this->retry_count,
);
}
/**
* This is intended to be the reverse of JsonSerializable->jsonSerialize.
*
* @param mixed $data The data to turn into an object.
*
* @return Speed_Score_Graph_History_Request
*/
public static function jsonUnserialize( $data ) {
$object = new Speed_Score_Graph_History_Request(
$data['start'],
$data['end'],
$data['error']
);
if ( ! empty( $data['retry_count'] ) ) {
$object->retry_count = intval( $data['retry_count'] );
}
return $object;
}
/**
* Return the cache prefix.
*
* @return string
*/
protected static function cache_prefix() {
return 'jetpack_boost_speed_scores_graph_history_';
}
/**
* Send a Speed History request to the API.
*
* @return true|\WP_Error True on success, WP_Error on failure.
*/
public function execute() {
$response = Boost_API::get(
'speed-scores-history',
array(
'start' => $this->start,
'end' => $this->end,
)
);
if ( is_wp_error( $response ) ) {
$this->status = 'error';
$this->error = $response->get_error_message();
$this->store();
return $response;
}
return $response;
}
}

148
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-boost-speed-score/src/class-speed-score-history.php
View File

@ -1,148 +0,0 @@
<?php
/**
* Speed score history after Jetpack Boost
*
* @package automattic/jetpack-boost-speed-score
*/
namespace Automattic\Jetpack\Boost_Speed_Score;
use Automattic\Jetpack\Boost_Core\Lib\Transient;
/**
* Class Speed_Score_History
*
* @package Automattic\Jetpack\Boost_Speed_Score\Lib
*/
class Speed_Score_History {
const OPTION_PREFIX = 'jetpack_boost_speed_score_history_';
const STALE_TRANSIENT_KEY = 'speed_score_stale_marker';
/**
* Limit the number of recent records to keep.
*/
const LIMIT = 20;
/**
* The list of history entries.
*
* @var array
*/
private $entries;
/**
* URL of the site the speed score belongs to.
*
* @var string
*/
private $url;
/**
* Speed_Score_History constructor.
*
* @param string $url URL of the site the speed scores belong to.
*/
public function __construct( $url ) {
$this->url = $url;
$this->entries = get_option( $this->get_option_name(), array() );
}
/**
* Determine the option_name used to store the speed score data in options table.
*
* @return string
*/
private function get_option_name() {
return static::OPTION_PREFIX . Speed_Score_Request::generate_cache_id_from_url( $this->url );
}
/**
* Get the number of history records currently stored.
*
* @return int
*/
public function count() {
return count( $this->entries );
}
/**
* Find the latest available speed score history record.
*
* @param int $offset Instead of receiving the last one, you can use offset to receive a slightly older speed score.
*
* @return array|null
*/
public function latest( $offset = 0 ) {
$index = $this->count() - ( $offset + 1 );
if ( $index >= 0 ) {
return $this->entries[ $index ];
}
return null;
}
/**
* Find the latest available speed scores.
*
* @param int $offset Instead of receiving the last one, you can use offset to receive a slightly older speed score.
*
* @return array|null
*/
public function latest_scores( $offset = 0 ) {
$index = $this->count() - ( $offset + 1 );
if ( $index >= 0 ) {
return $this->entries[ $index ]['scores'];
}
return null;
}
/**
* Get a timestamp that marks previous history stale.
*
* All speed score before this timestamp are considered stale.
*
* @return array
*/
public static function get_stale_timestamp() {
$last_stale_marker = Transient::get( static::STALE_TRANSIENT_KEY, 0 );
// Any score that is older than 24 hours or before the last stale marker is considered stale.
return max( $last_stale_marker, time() - DAY_IN_SECONDS );
}
/**
* Mark previous speed score as stale.
*
* If a there were significant changes to the site, we want to mark prior speed scores as stale.
*/
public static function mark_stale() {
Transient::set( static::STALE_TRANSIENT_KEY, time() );
}
/**
* Check if the last item in history is stale.
*/
public function is_stale() {
$last_entry = $this->latest();
if ( ! $last_entry ) {
return true;
}
return $last_entry['timestamp'] < self::get_stale_timestamp();
}
/**
* Record a new history entry for speed scores.
*
* @param array $entry The new entry to save.
*/
public function push( $entry ) {
$this->entries[] = $entry;
$this->entries = array_slice( $this->entries, - static::LIMIT );
update_option( $this->get_option_name(), $this->entries, false );
}
}

335
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-boost-speed-score/src/class-speed-score-request.php
View File

@ -1,335 +0,0 @@
<?php
/**
* Represents a request to generate a pair of speed scores.
*
* @package automattic/jetpack-boost-speed-score
*/
namespace Automattic\Jetpack\Boost_Speed_Score;
use Automattic\Jetpack\Boost_Core\Lib\Boost_API;
use Automattic\Jetpack\Boost_Core\Lib\Cacheable;
use Automattic\Jetpack\Boost_Core\Lib\Url;
/**
* Class Speed_Score_Request
*/
class Speed_Score_Request extends Cacheable {
/**
* Algorithm to use when defining a hash for the cache.
*/
const CACHE_KEY_HASH_ALGO = 'md5';
/**
* The URL to get the Speed Scores for.
*
* @var string $url Url to get the Speed Scores for.
*/
private $url;
/**
* Active Jetpack Boost modules.
*
* @var array $active_modules Active modules.
*/
private $active_modules;
/**
* When the Speed Scores request was created, in seconds since epoch.
*
* @var float $created Speed Scores request creation timestamp.
*/
private $created;
/**
* Current status of the Speed Score request.
*
* @var string $status Speed Scores request status.
*/
private $status;
/**
* Number of retries attempted.
*
* @var int $retry_count Number of times this Speed Score request has been retried.
*/
private $retry_count;
/**
* The error returned
*
* @var array $error Speed Scores error.
*/
private $error;
/**
* Where the Speed Scores request was made from.
*
* @var string $client A string passed to Speed_Score to identify where the request was made from.
*/
private $client;
/**
* Constructor.
*
* @param string $url The URL to get the Speed Scores for.
* @param array $active_modules Active modules.
* @param null $created When the Speed Scores request was created, in seconds since epoch.
* @param string $status Status of the Speed Scores request.
* @param null $error The Speed Scores error.
* @param string $client A string identifying where the request was made from.
*/
public function __construct( $url, $active_modules = array(), $created = null, $status = 'pending', $error = null, $client = null ) {
$this->set_cache_id( self::generate_cache_id_from_url( $url ) );
$this->url = $url;
$this->active_modules = $active_modules;
$this->created = $created === null ? microtime( true ) : $created;
$this->status = $status;
$this->error = $error;
$this->client = $client;
$this->retry_count = 0;
}
/**
* Generate the cache ID from the URL.
*
* @param string $url The URL to get the Speed Scores for.
*
* @return string
*/
public static function generate_cache_id_from_url( $url ) {
return hash( self::CACHE_KEY_HASH_ALGO, $url );
}
/**
* Get the list of active performance modules while this request was created.
*
* @return string
*/
public function get_active_performance_modules() {
// List of modules that affect the speed score.
$performance_modules = array(
'cloud_css',
'critical_css',
'image_cdn',
'minify_css',
'minify_js',
'render_blocking_js',
);
return array_intersect( $this->active_modules, $performance_modules );
}
/**
* Convert this object to a plain array for JSON serialization.
*/
#[\ReturnTypeWillChange]
public function jsonSerialize() {
return array(
'id' => $this->get_cache_id(),
'url' => $this->url,
'active_modules' => $this->get_active_performance_modules(),
'created' => $this->created,
'status' => $this->status,
'error' => $this->error,
'client' => $this->client,
'retry_count' => $this->retry_count,
);
}
/**
* This is intended to be the reverse of JsonSerializable->jsonSerialize.
*
* @param mixed $data The data to turn into an object.
*
* @return Speed_Score_Request
*/
public static function jsonUnserialize( $data ) {
$object = new Speed_Score_Request(
$data['url'],
$data['active_modules'],
$data['created'],
$data['status'],
$data['error'],
$data['client']
);
if ( ! empty( $data['id'] ) ) {
$object->set_cache_id( $data['id'] );
}
if ( ! empty( $data['retry_count'] ) ) {
$object->retry_count = intval( $data['retry_count'] );
}
return $object;
}
/**
* Return the cache prefix.
*
* @return string
*/
protected static function cache_prefix() {
return 'jetpack_boost_speed_scores_';
}
/**
* Send a Speed Scores request to the API.
*
* @return true|\WP_Error True on success, WP_Error on failure.
*/
public function execute() {
$response = Boost_API::post(
'speed-scores',
array(
'request_id' => $this->get_cache_id(),
'url' => Url::normalize( $this->url ),
'active_modules' => $this->active_modules,
'client' => $this->client,
)
);
if ( is_wp_error( $response ) ) {
$this->status = 'error';
$this->error = $response->get_error_message();
$this->store();
return $response;
}
return true;
}
/**
* Is this request pending?
*/
public function is_pending() {
return 'pending' === $this->status;
}
/**
* Did the request fail?
*/
public function is_error() {
return 'error' === $this->status;
}
/**
* Did the request succeed?
*/
public function is_success() {
return 'success' === $this->status;
}
/**
* Poll for updates to this Speed Scores request.
*
* @return true|\WP_Error True on success, WP_Error on failure.
*/
public function poll_update() {
$response = Boost_API::get(
sprintf(
'speed-scores/%s',
$this->get_cache_id()
)
);
if ( is_wp_error( $response ) ) {
// Special case: If the request is not found, restart it.
if ( 'not_found' === $response->get_error_code() ) {
return $this->restart();
}
return $response;
}
switch ( $response['status'] ) {
case 'pending':
// The initial job probably failed, dispatch again if so.
if ( $this->created <= strtotime( '-15 mins' ) ) {
return $this->restart();
}
break;
case 'error':
$this->status = 'error';
$this->error = $response['error'];
$this->store();
break;
case 'success':
$this->status = 'success';
$this->store();
$this->record_history( $response );
break;
default:
return new \WP_Error(
'invalid_response',
__(
'Invalid response from WPCOM API while polling for speed scores',
'jetpack-boost-speed-score'
),
$response
);
}
return true;
}
/**
* Restart this request; useful when WPCOM doesn't recognize the request or it times out.
*/
private function restart() {
// Enforce a maximum number of restarts.
if ( $this->retry_count > 2 ) {
$this->status = 'error';
$this->error = 'Maximum number of retries exceeded';
$this->store();
return new \WP_Error(
'error',
$this->error
);
}
$result = $this->execute();
if ( is_wp_error( $result ) ) {
return $result;
}
$this->created = time();
++$this->retry_count;
$this->store();
return true;
}
/**
* Save the speed score record to history.
*
* @param array $response Response from api.
*/
private function record_history( $response ) {
$history = new Speed_Score_History( $this->url );
$last_history = $history->latest();
$last_scores = $last_history ? $last_history['scores'] : null;
$last_theme = $last_history ? $last_history['theme'] : null;
$current_theme = wp_get_theme()->get( 'Name' );
// Only change if there is a difference from last score or the theme changed.
if ( $last_scores !== $response['scores'] || $current_theme !== $last_theme ) {
$history->push(
array(
'timestamp' => time(),
'scores' => $response['scores'],
'theme' => $current_theme,
)
);
}
}
}

344
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-boost-speed-score/src/class-speed-score.php
View File

@ -1,344 +0,0 @@
<?php
/**
* Speed Score API endpoints.
*
* @package automattic/jetpack-boost-speed-score
*/
namespace Automattic\Jetpack\Boost_Speed_Score;
use Automattic\Jetpack\Boost_Core\Lib\Utils;
if ( ! defined( 'JETPACK_BOOST_REST_NAMESPACE' ) ) {
define( 'JETPACK_BOOST_REST_NAMESPACE', 'jetpack-boost/v1' );
}
// For use in situations where you want additional namespacing.
if ( ! defined( 'JETPACK_BOOST_REST_PREFIX' ) ) {
define( 'JETPACK_BOOST_REST_PREFIX', '' );
}
/**
* Class Speed_Score
*/
class Speed_Score {
const PACKAGE_VERSION = '0.3.7';
/**
* An instance of Automatic\Jetpack_Boost\Modules\Modules_Setup passed to the constructor
*
* @var Modules_Setup
*/
protected $modules;
/**
* A string representing the client making the request (e.g. 'boost-plugin', 'jetpack-dashboard', etc).
*
* @var string
*/
protected $client;
/**
* Constructor.
*
* @param Modules_Setup $modules - An instance of Automatic\Jetpack_Boost\Modules\Modules_Setup.
* @param string $client - A string representing the client making the request.
*/
public function __construct( $modules, $client ) {
$this->modules = $modules;
$this->client = $client;
add_action( 'rest_api_init', array( $this, 'register_rest_routes' ) );
add_action( 'jetpack_boost_deactivate', array( $this, 'clear_speed_score_request_cache' ) );
add_action( 'handle_environment_change', array( Speed_Score_History::class, 'mark_stale' ) );
add_action( 'jetpack_boost_deactivate', array( Speed_Score_History::class, 'mark_stale' ) );
}
/**
* Register Speed Score related REST routes.
*/
public function register_rest_routes() {
register_rest_route(
JETPACK_BOOST_REST_NAMESPACE,
JETPACK_BOOST_REST_PREFIX . '/speed-scores',
array(
'methods' => \WP_REST_Server::EDITABLE,
'callback' => array( $this, 'fetch_speed_score' ),
'permission_callback' => array( $this, 'can_access_speed_scores' ),
)
);
register_rest_route(
JETPACK_BOOST_REST_NAMESPACE,
JETPACK_BOOST_REST_PREFIX . '/speed-scores/refresh',
array(
'methods' => \WP_REST_Server::EDITABLE,
'callback' => array( $this, 'dispatch_speed_score_request' ),
'permission_callback' => array( $this, 'can_access_speed_scores' ),
)
);
register_rest_route(
JETPACK_BOOST_REST_NAMESPACE,
JETPACK_BOOST_REST_PREFIX . '/speed-scores-history',
array(
'methods' => \WP_REST_Server::EDITABLE,
'callback' => array( $this, 'dispatch_speed_score_graph_history_request' ),
'permission_callback' => array( $this, 'can_access_speed_scores' ),
'args' => array(
'start' => array(
'required' => true,
'type' => 'number',
),
'end' => array(
'required' => true,
'type' => 'number',
),
),
)
);
}
/**
* Verify and normalize the URL argument for a request.
*
* @param \WP_REST_Request $request The request object.
*
* @return string|\WP_Error An error to return or the target url.
*/
private function process_url_arg( $request ) {
$params = $request->get_json_params();
if ( ! isset( $params['url'] ) ) {
return new \WP_Error(
'invalid_parameter',
__(
'The url parameter is required',
'jetpack-boost-speed-score'
),
array( 'status' => 400 )
);
}
return Utils::force_url_to_absolute( $params['url'] );
}
/**
* Handler for POST /speed-scores/refresh.
*
* @param \WP_REST_Request $request The request object.
*
* @return \WP_REST_Response|\WP_Error The response.
*/
public function dispatch_speed_score_request( $request ) {
$url = $this->process_url_arg( $request );
if ( is_wp_error( $url ) ) {
return $url;
}
// Create and store the Speed Score request.
$active_modules = array_keys( array_filter( $this->modules->get_status(), 'strlen' ) );
$score_request = new Speed_Score_Request( $url, $active_modules, null, 'pending', null, $this->client );
$score_request->store( 1800 ); // Keep the request for 30 minutes even if no one access the results.
// Send the request.
$score_request->execute();
$score_request_no_boost = $this->maybe_dispatch_no_boost_score_request( $url );
return $this->prepare_speed_score_response( $url, $score_request, $score_request_no_boost );
}
/**
* Handler for POST /speed-scores-history.
*
* @param \WP_REST_Request $request The request object.
*
* @return \WP_REST_Response|\WP_Error The response.
*/
public function dispatch_speed_score_graph_history_request( $request ) {
$score_history_request = new Speed_Score_Graph_History_Request( $request->get_param( 'start' ), $request->get_param( 'end' ), array() );
// Send the request.
return $score_history_request->execute();
}
/**
* Remove the string "jb-disable-module" from array of strings.
*
* This is intended to be used by the filter `jetpack_boost_excluded_query_parameters` to allow `jb-disable-module` url parameter during score requests.
*
* @param string[] $params List of parameters to be removed from url.
*
* @return string[] Revised list of parameters to remove from url.
*/
public function allow_jb_disable_module( $params ) {
$index = array_search( 'jb-disable-modules', $params, true );
unset( $params[ $index ] );
return $params;
}
/**
* Handler for POST /speed-scores.
*
* @param \WP_REST_Request $request The request object.
*
* @return \WP_REST_Response|\WP_Error The response.
*/
public function fetch_speed_score( $request ) {
$url = $this->process_url_arg( $request );
if ( is_wp_error( $url ) ) {
return $url;
}
// Poll update if there is an ongoing request for scores with boost disabled.
$url_no_boost = $this->get_boost_modules_disabled_url( $url );
$score_request_no_boost = $this->get_score_request_by_url( $url_no_boost );
if ( $score_request_no_boost && $score_request_no_boost->is_pending() ) {
$response = $score_request_no_boost->poll_update();
if ( is_wp_error( $response ) ) {
return $response;
}
}
// Poll update if there is an ongoing request for scores with boost enabled.
$score_request = $this->get_score_request_by_url( $url );
if ( $score_request && $score_request->is_pending() ) {
$response = $score_request->poll_update();
if ( is_wp_error( $response ) ) {
return $response;
}
}
// If this is a fresh install, there might not be any speed score history. In which case, we want to fetch the initial scores.
// While updating plugin from 1.2 -> 1.3, the history will be missing along with a non-pending score request due to data structure change.
$history = new Speed_Score_History( $url );
if ( null === $history->latest_scores() && ( empty( $score_request ) || ! $score_request->is_pending() ) ) {
return $this->dispatch_speed_score_request( $request );
}
return $this->prepare_speed_score_response( $url, $score_request, $score_request_no_boost );
}
/**
* If it is time to fetch the score without boost, fetch it.
*
* @param string $url Url of the site.
*
* @return Speed_Score_Request
*/
private function maybe_dispatch_no_boost_score_request( $url ) {
// Allow `jb-disable-module` URL param to fetch score without boost modules being active.
add_filter( 'jetpack_boost_excluded_query_parameters', array( $this, 'allow_jb_disable_module' ) );
$url_no_boost = $this->get_boost_modules_disabled_url( $url );
$history = new Speed_Score_History( $url_no_boost );
$score_request = $this->get_score_request_by_url( $url_no_boost );
if (
// If there isn't already a pending request.
( empty( $score_request ) || ! $score_request->is_pending() )
&& $this->modules->have_enabled_modules()
&& $history->is_stale()
) {
$score_request = new Speed_Score_Request( $url_no_boost, array(), null, 'pending', null, $this->client ); // Dispatch a new speed score request to measure score without boost.
$score_request->store( 3600 ); // Keep the request for 1 hour even if no one access the results. The value is persisted for 1 hour in wp.com from initial request.
// Send the request.
$score_request->execute();
}
remove_filter( 'jetpack_boost_excluded_query_parameters', array( $this, 'allow_jb_disable_module' ) );
return $score_request;
}
/**
* Get Speed_Score_Request instance by url.
*
* @param string $url Url to get the Speed_Score_Request instance for.
*
* @return Speed_Score_Request
*/
private function get_score_request_by_url( $url ) {
return Speed_Score_Request::get(
Speed_Score_Request::generate_cache_id_from_url( $url )
);
}
/**
* Add query parameters to the url that would disable all boost modules.
*
* @param string $url The original URL we are measuring for score.
*
* @return string
*/
private function get_boost_modules_disabled_url( $url ) {
return add_query_arg( 'jb-disable-modules', 'all', $url );
}
/**
* Can the user access speed scores?
*
* @return bool
*/
public function can_access_speed_scores() {
return current_user_can( 'manage_options' );
}
/**
* Clear speed score request cache on jetpack_boost_deactivate action.
*/
public function clear_speed_score_request_cache() {
Speed_Score_Request::clear_cache();
}
/**
* Prepare the speed score response.
*
* @param string $url URL of the speed is requested for.
* @param Speed_Score_Request $score_request Speed score request.
* @param Speed_Score_Request $score_request_no_boost Speed score request without boost enabled.
*
* @return \WP_Error|\WP_HTTP_Response|\WP_REST_Response
*/
private function prepare_speed_score_response( $url, $score_request, $score_request_no_boost ) {
$history = new Speed_Score_History( $url );
$url_no_boost = $this->get_boost_modules_disabled_url( $url );
$history_no_boost = new Speed_Score_History( $url_no_boost );
$response = array();
if ( ( ! $score_request || $score_request->is_success() ) && ( ! $score_request_no_boost || $score_request_no_boost->is_success() ) ) {
$response['status'] = 'success';
$response['scores'] = array(
'current' => $history->latest_scores(),
'noBoost' => null,
);
// Only include noBoost scores if at least one module is enabled.
if ( $score_request && ! empty( $score_request->get_active_performance_modules() ) ) {
$response['scores']['noBoost'] = $history_no_boost->latest_scores();
}
$response['scores']['isStale'] = $history->is_stale();
} elseif ( ( $score_request && $score_request->is_error() ) || ( $score_request_no_boost && $score_request_no_boost->is_error() ) ) {
// If either request ended up in error, we can just return the one with error so front-end can take action. The relevent url is available on the serialized object.
if ( $score_request->is_error() ) {
// Serialized version of score request contains the status property and error description if any.
$response = $score_request->jsonSerialize();
} else {
$response = $score_request_no_boost->jsonSerialize();
}
} else {
// If no request ended up in error/success as previous conditions dictate, it means that either of them are in pending state.
$response['status'] = 'pending';
}
return rest_ensure_response( $response );
}
}

241
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-config/CHANGELOG.md
View File

@ -1,241 +0,0 @@
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [2.0.1] - 2024-03-14
### Changed
- Internal updates.
## [2.0.0] - 2023-11-20
### Changed
- Updated required PHP version to >= 7.0. [#34192]
## [1.15.4] - 2023-09-19
- Minor internal updates.
## [1.15.3] - 2023-06-26
### Changed
- Blaze can now be loaded as a module, instead of relying on the Config package. [#31479]
## [1.15.2] - 2023-04-10
### Added
- Add Jetpack Autoloader package suggestion. [#29988]
## [1.15.1] - 2023-03-28
### Changed
- Minor internal updates.
## [1.15.0] - 2023-03-27
### Added
- Initialize yoast promo package in jetpack plugin [#29641]
## [1.14.0] - 2023-02-20
### Added
- Added the Import package. [#28824]
## [1.13.0] - 2023-01-02
### Added
- Blaze package: Add config initialization, initialization checks for loading. [#28077]
## [1.12.0] - 2022-12-12
### Added
- Config: add option to init stats-admin [#27565]
## [1.11.1] - 2022-11-22
### Changed
- Updated package dependencies. [#27043]
## [1.11.0] - 2022-10-11
### Changed
- Integrate Stats package in Jetpack plugin [#26640]
## [1.10.0] - 2022-09-27
### Added
- Social: Added the option to configure if the plan information should be refreshed as the package is enabled. [#26294]
## [1.9.6] - 2022-08-26
### Changed
- Call ensure_options_$feature methods before the initialization
## [1.9.5] - 2022-08-23
### Changed
- Initialize VideoPress admin UI from the package [#25692]
## [1.9.4] - 2022-08-09
### Changed
- Initialize VideoPress package from the Config pkg [#25385]
## [1.9.3] - 2022-07-26
### Changed
- Updated package dependencies. [#25158]
## [1.9.2] - 2022-06-29
- Updated package dependencies.
## [1.9.1] - 2022-06-21
### Changed
- Renaming master to trunk.
## [1.9.0] - 2022-05-18
### Added
- Configuration for waf package [#24153]
## [1.8.0] - 2022-04-26
### Added
- Added the publicize package to be configured via the config package.
### Changed
- Updated package dependencies.
## [1.7.2] - 2022-04-19
### Added
- Enable WordAds from Config class
## [1.7.1] - 2022-04-06
### Removed
- Removed tracking dependency.
## [1.7.0] - 2022-03-23
### Added
- Search: added search initialization
## [1.6.1] - 2022-02-09
### Added
- Allow sync package consumers to provide custom data settings.
## [1.6.0] - 2022-01-04
### Added
- Accept options for the IDC package.
### Changed
- Updated package textdomain from `jetpack` to `jetpack-config`.
## [1.5.4] - 2021-12-14
### Changed
- Updated package dependencies.
## [1.5.3] - 2021-10-13
### Changed
- Updated package dependencies.
## [1.5.2] - 2021-10-12
### Added
- Add support for the identity-crisis package
## [1.5.1] - 2021-09-28
### Changed
- Updated package dependencies.
## [1.5.0] - 2021-09-22
### Added
- Allow for enabling and initializing new Post_List package from Config package.
## [1.4.7] - 2021-08-31
### Changed
- updates annotations versions.
## [1.4.6] - 2021-05-25
### Changed
- Updated package dependencies.
## [1.4.5] - 2021-04-27
### Changed
- Updated package dependencies.
## [1.4.4] - 2021-03-30
### Added
- Composer alias for dev-master, to improve dependencies
### Changed
- Update package dependencies.
## [1.4.3] - 2021-01-19
- Add mirror-repo information to all current composer packages
- Monorepo: Reorganize all projects
## [1.4.2] - 2020-10-28
- Updated PHPCS: Packages and Debugger
- Config: remove tos and tracking features
- Config: add info about the package dependencies to the package docs
## [1.4.1] - 2020-09-15
- Config: remove tos and tracking features
## [1.4.0] - 2020-08-26
- Config: Remove composer dependencies
- Config: Add connection status check
## [1.3.0] - 2020-06-26
- Config: check for both JITM namespaces
## [1.2.0] - 2020-05-20
- Store the list of active plugins that uses connection in an option
- Implement pre-connection JITMs
- Connection Package: Handle disconnections gracefully
## [1.1.0] - 2020-01-23
- Moved JITM initialization to plugins_loaded.
## [1.0.1] - 2020-01-20
- Move connection manager related logic to after plugins_loaded.
## 1.0.0 - 2020-01-14
- Trying to add deterministic initialization.
[2.0.1]: https://github.com/Automattic/jetpack-config/compare/v2.0.0...v2.0.1
[2.0.0]: https://github.com/Automattic/jetpack-config/compare/v1.15.4...v2.0.0
[1.15.4]: https://github.com/Automattic/jetpack-config/compare/v1.15.3...v1.15.4
[1.15.3]: https://github.com/Automattic/jetpack-config/compare/v1.15.2...v1.15.3
[1.15.2]: https://github.com/Automattic/jetpack-config/compare/v1.15.1...v1.15.2
[1.15.1]: https://github.com/Automattic/jetpack-config/compare/v1.15.0...v1.15.1
[1.15.0]: https://github.com/Automattic/jetpack-config/compare/v1.14.0...v1.15.0
[1.14.0]: https://github.com/Automattic/jetpack-config/compare/v1.13.0...v1.14.0
[1.13.0]: https://github.com/Automattic/jetpack-config/compare/v1.12.0...v1.13.0
[1.12.0]: https://github.com/Automattic/jetpack-config/compare/v1.11.1...v1.12.0
[1.11.1]: https://github.com/Automattic/jetpack-config/compare/v1.11.0...v1.11.1
[1.11.0]: https://github.com/Automattic/jetpack-config/compare/v1.10.0...v1.11.0
[1.10.0]: https://github.com/Automattic/jetpack-config/compare/v1.9.6...v1.10.0
[1.9.6]: https://github.com/Automattic/jetpack-config/compare/v1.9.5...v1.9.6
[1.9.5]: https://github.com/Automattic/jetpack-config/compare/v1.9.4...v1.9.5
[1.9.4]: https://github.com/Automattic/jetpack-config/compare/v1.9.3...v1.9.4
[1.9.3]: https://github.com/Automattic/jetpack-config/compare/v1.9.2...v1.9.3
[1.9.2]: https://github.com/Automattic/jetpack-config/compare/v1.9.1...v1.9.2
[1.9.1]: https://github.com/Automattic/jetpack-config/compare/v1.9.0...v1.9.1
[1.9.0]: https://github.com/Automattic/jetpack-config/compare/v1.8.0...v1.9.0
[1.8.0]: https://github.com/Automattic/jetpack-config/compare/v1.7.2...v1.8.0
[1.7.2]: https://github.com/Automattic/jetpack-config/compare/v1.7.1...v1.7.2
[1.7.1]: https://github.com/Automattic/jetpack-config/compare/v1.7.0...v1.7.1
[1.7.0]: https://github.com/Automattic/jetpack-config/compare/v1.6.1...v1.7.0
[1.6.1]: https://github.com/Automattic/jetpack-config/compare/v1.6.0...v1.6.1
[1.6.0]: https://github.com/Automattic/jetpack-config/compare/v1.5.4...v1.6.0
[1.5.4]: https://github.com/Automattic/jetpack-config/compare/v1.5.3...v1.5.4
[1.5.3]: https://github.com/Automattic/jetpack-config/compare/v1.5.2...v1.5.3
[1.5.2]: https://github.com/Automattic/jetpack-config/compare/v1.5.1...v1.5.2
[1.5.1]: https://github.com/Automattic/jetpack-config/compare/v1.5.0...v1.5.1
[1.5.0]: https://github.com/Automattic/jetpack-config/compare/v1.4.7...v1.5.0
[1.4.7]: https://github.com/Automattic/jetpack-config/compare/v1.4.6...v1.4.7
[1.4.6]: https://github.com/Automattic/jetpack-config/compare/v1.4.5...v1.4.6
[1.4.5]: https://github.com/Automattic/jetpack-config/compare/v1.4.4...v1.4.5
[1.4.4]: https://github.com/Automattic/jetpack-config/compare/v1.4.3...v1.4.4
[1.4.3]: https://github.com/Automattic/jetpack-config/compare/v1.4.2...v1.4.3
[1.4.2]: https://github.com/Automattic/jetpack-config/compare/v1.4.1...v1.4.2
[1.4.1]: https://github.com/Automattic/jetpack-config/compare/v1.4.0...v1.4.1
[1.4.0]: https://github.com/Automattic/jetpack-config/compare/v1.3.0...v1.4.0
[1.3.0]: https://github.com/Automattic/jetpack-config/compare/v1.2.0...v1.3.0
[1.2.0]: https://github.com/Automattic/jetpack-config/compare/v1.1.0...v1.2.0
[1.1.0]: https://github.com/Automattic/jetpack-config/compare/v1.0.1...v1.1.0
[1.0.1]: https://github.com/Automattic/jetpack-config/compare/v1.0.0...v1.0.1

357
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-config/LICENSE.txt
View File

@ -1,357 +0,0 @@
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
===================================
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.

47
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-config/SECURITY.md
View File

@ -1,47 +0,0 @@
# Security Policy
Full details of the Automattic Security Policy can be found on [automattic.com](https://automattic.com/security/).
## Supported Versions
Generally, only the latest version of Jetpack and its associated plugins have continued support. If a critical vulnerability is found in the current version of a plugin, we may opt to backport any patches to previous versions.
## Reporting a Vulnerability
Our HackerOne program covers the below plugin software, as well as a variety of related projects and infrastructure:
* [Jetpack](https://jetpack.com/)
* Jetpack Backup
* Jetpack Boost
* Jetpack CRM
* Jetpack Protect
* Jetpack Search
* Jetpack Social
* Jetpack VideoPress
**For responsible disclosure of security issues and to be eligible for our bug bounty program, please submit your report via the [HackerOne](https://hackerone.com/automattic) portal.**
Our most critical targets are:
* Jetpack and the Jetpack composer packages (all within this repo)
* Jetpack.com -- the primary marketing site.
* cloud.jetpack.com -- a management site.
* wordpress.com -- the shared management site for both Jetpack and WordPress.com sites.
For more targets, see the `In Scope` section on [HackerOne](https://hackerone.com/automattic).
_Please note that the **WordPress software is a separate entity** from Automattic. Please report vulnerabilities for WordPress through [the WordPress Foundation's HackerOne page](https://hackerone.com/wordpress)._
## Guidelines
We're committed to working with security researchers to resolve the vulnerabilities they discover. You can help us by following these guidelines:
* Follow [HackerOne's disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).
* Pen-testing Production:
* Please **setup a local environment** instead whenever possible. Most of our code is open source (see above).
* If that's not possible, **limit any data access/modification** to the bare minimum necessary to reproduce a PoC.
* **_Don't_ automate form submissions!** That's very annoying for us, because it adds extra work for the volunteers who manage those systems, and reduces the signal/noise ratio in our communication channels.
* To be eligible for a bounty, all of these guidelines must be followed.
* Be Patient - Give us a reasonable time to correct the issue before you disclose the vulnerability.
We also expect you to comply with all applicable laws. You're responsible to pay any taxes associated with your bounties.

33
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-config/composer.json
View File

@ -1,33 +0,0 @@
{
"name": "automattic/jetpack-config",
"description": "Jetpack configuration package that initializes other packages and configures Jetpack's functionality. Can be used as a base for all variants of Jetpack package usage.",
"type": "jetpack-library",
"license": "GPL-2.0-or-later",
"require": {
"php": ">=7.0"
},
"require-dev": {
"automattic/jetpack-changelogger": "^4.1.1"
},
"suggest": {
"automattic/jetpack-autoloader": "Allow for better interoperability with other plugins that use this package."
},
"autoload": {
"classmap": [
"src/"
]
},
"minimum-stability": "dev",
"prefer-stable": true,
"extra": {
"autotagger": true,
"mirror-repo": "Automattic/jetpack-config",
"textdomain": "jetpack-config",
"changelogger": {
"link-template": "https://github.com/Automattic/jetpack-config/compare/v${old}...v${new}"
},
"branch-alias": {
"dev-trunk": "2.0.x-dev"
}
}
}

454
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-config/src/class-config.php
View File

@ -1,454 +0,0 @@
<?php
/**
* The base Jetpack configuration class file.
*
* @package automattic/jetpack-config
*/
namespace Automattic\Jetpack;
/*
* The Config package does not require the composer packages that
* contain the package classes shown below. The consumer plugin
* must require the corresponding packages to use these features.
*/
use Automattic\Jetpack\Connection\Manager;
use Automattic\Jetpack\Connection\Plugin;
use Automattic\Jetpack\Import\Main as Import_Main;
use Automattic\Jetpack\JITMS\JITM as JITMS_JITM;
use Automattic\Jetpack\Post_List\Post_List;
use Automattic\Jetpack\Publicize\Publicize_Setup;
use Automattic\Jetpack\Search\Initializer as Jetpack_Search_Main;
use Automattic\Jetpack\Stats\Main as Stats_Main;
use Automattic\Jetpack\Stats_Admin\Main as Stats_Admin_Main;
use Automattic\Jetpack\Sync\Main as Sync_Main;
use Automattic\Jetpack\VideoPress\Initializer as VideoPress_Pkg_Initializer;
use Automattic\Jetpack\Waf\Waf_Initializer as Jetpack_Waf_Main;
use Automattic\Jetpack\WordAds\Initializer as Jetpack_WordAds_Main;
/**
* The configuration class.
*/
class Config {
const FEATURE_ENSURED = 1;
const FEATURE_NOT_AVAILABLE = 0;
const FEATURE_ALREADY_ENSURED = -1;
/**
* The initial setting values.
*
* @var Array
*/
protected $config = array(
'jitm' => false,
'connection' => false,
'sync' => false,
'post_list' => false,
'identity_crisis' => false,
'search' => false,
'publicize' => false,
'wordads' => false,
'waf' => false,
'videopress' => false,
'stats' => false,
'stats_admin' => false,
'yoast_promo' => false,
'import' => false,
);
/**
* Initialization options stored here.
*
* @var array
*/
protected $feature_options = array();
/**
* Creates the configuration class instance.
*/
public function __construct() {
/**
* Adding the config handler to run on priority 2 because the class itself is
* being constructed on priority 1.
*/
add_action( 'plugins_loaded', array( $this, 'on_plugins_loaded' ), 2 );
}
/**
* Require a feature to be initialized. It's up to the package consumer to actually add
* the package to their composer project. Declaring a requirement using this method
* instructs the class to initialize it.
*
* Run the options method (if exists) every time the method is called.
*
* @param String $feature the feature slug.
* @param array $options Additional options, optional.
*/
public function ensure( $feature, array $options = array() ) {
$this->config[ $feature ] = true;
$this->set_feature_options( $feature, $options );
$method_options = 'ensure_options_' . $feature;
if ( method_exists( $this, $method_options ) ) {
$this->{ $method_options }();
}
}
/**
* Runs on plugins_loaded hook priority with priority 2.
*
* @action plugins_loaded
*/
public function on_plugins_loaded() {
if ( $this->config['connection'] ) {
$this->ensure_class( 'Automattic\Jetpack\Connection\Manager' )
&& $this->ensure_feature( 'connection' );
}
if ( $this->config['sync'] ) {
$this->ensure_class( 'Automattic\Jetpack\Sync\Main' )
&& $this->ensure_feature( 'sync' );
}
if ( $this->config['jitm'] ) {
// Check for the JITM class in both namespaces. The namespace was changed in jetpack-jitm v1.6.
( $this->ensure_class( 'Automattic\Jetpack\JITMS\JITM', false )
|| $this->ensure_class( 'Automattic\Jetpack\JITM' ) )
&& $this->ensure_feature( 'jitm' );
}
if ( $this->config['post_list'] ) {
$this->ensure_class( 'Automattic\Jetpack\Post_List\Post_List' )
&& $this->ensure_feature( 'post_list' );
}
if ( $this->config['identity_crisis'] ) {
$this->ensure_class( 'Automattic\Jetpack\Identity_Crisis' )
&& $this->ensure_feature( 'identity_crisis' );
}
if ( $this->config['search'] ) {
$this->ensure_class( 'Automattic\Jetpack\Search\Initializer' )
&& $this->ensure_feature( 'search' );
}
if ( $this->config['publicize'] ) {
$this->ensure_class( 'Automattic\Jetpack\Publicize\Publicize_UI' ) && $this->ensure_class( 'Automattic\Jetpack\Publicize\Publicize' )
&& $this->ensure_feature( 'publicize' );
}
if ( $this->config['wordads'] ) {
$this->ensure_class( 'Automattic\Jetpack\WordAds\Initializer' )
&& $this->ensure_feature( 'wordads' );
}
if ( $this->config['waf'] ) {
$this->ensure_class( 'Automattic\Jetpack\Waf\Waf_Initializer' )
&& $this->ensure_feature( 'waf' );
}
if ( $this->config['videopress'] ) {
$this->ensure_class( 'Automattic\Jetpack\VideoPress\Initializer' ) && $this->ensure_feature( 'videopress' );
}
if ( $this->config['stats'] ) {
$this->ensure_class( 'Automattic\Jetpack\Stats\Main' ) && $this->ensure_feature( 'stats' );
}
if ( $this->config['stats_admin'] ) {
$this->ensure_class( 'Automattic\Jetpack\Stats_Admin\Main' ) && $this->ensure_feature( 'stats_admin' );
}
if ( $this->config['yoast_promo'] ) {
$this->ensure_class( 'Automattic\Jetpack\Yoast_Promo' ) && $this->ensure_feature( 'yoast_promo' );
}
if ( $this->config['import'] ) {
$this->ensure_class( 'Automattic\Jetpack\Import\Main' )
&& $this->ensure_feature( 'import' );
}
}
/**
* Returns true if the required class is available and alerts the user if it's not available
* in case the site is in debug mode.
*
* @param String $classname a fully qualified class name.
* @param Boolean $log_notice whether the E_USER_NOTICE should be generated if the class is not found.
*
* @return Boolean whether the class is available.
*/
protected function ensure_class( $classname, $log_notice = true ) {
$available = class_exists( $classname );
if ( $log_notice && ! $available && defined( 'WP_DEBUG' ) && WP_DEBUG ) {
trigger_error( // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_trigger_error
sprintf(
/* translators: %1$s is a PHP class name. */
esc_html__(
'Unable to load class %1$s. Please add the package that contains it using composer and make sure you are requiring the Jetpack autoloader',
'jetpack-config'
),
esc_html( $classname )
),
E_USER_NOTICE
);
}
return $available;
}
/**
* Ensures a feature is enabled, sets it up if it hasn't already been set up.
*
* @param String $feature slug of the feature.
* @return Integer either FEATURE_ENSURED, FEATURE_ALREADY_ENSURED or FEATURE_NOT_AVAILABLE constants.
*/
protected function ensure_feature( $feature ) {
$method = 'enable_' . $feature;
if ( ! method_exists( $this, $method ) ) {
return self::FEATURE_NOT_AVAILABLE;
}
if ( did_action( 'jetpack_feature_' . $feature . '_enabled' ) ) {
return self::FEATURE_ALREADY_ENSURED;
}
$this->{ $method }();
/**
* Fires when a specific Jetpack package feature is initalized using the Config package.
*
* @since 1.1.0
*/
do_action( 'jetpack_feature_' . $feature . '_enabled' );
return self::FEATURE_ENSURED;
}
/**
* Enables the JITM feature.
*/
protected function enable_jitm() {
if ( class_exists( 'Automattic\Jetpack\JITMS\JITM' ) ) {
JITMS_JITM::configure();
} else {
// Provides compatibility with jetpack-jitm <v1.6.
JITM::configure();
}
return true;
}
/**
* Enables the Post_List feature.
*/
protected function enable_post_list() {
Post_List::configure();
return true;
}
/**
* Enables the Sync feature.
*/
protected function enable_sync() {
Sync_Main::configure();
return true;
}
/**
* Enables the Connection feature.
*/
protected function enable_connection() {
Manager::configure();
return true;
}
/**
* Enables the identity-crisis feature.
*/
protected function enable_identity_crisis() {
Identity_Crisis::init();
}
/**
* Enables the search feature.
*/
protected function enable_search() {
Jetpack_Search_Main::init();
}
/**
* Enables the Publicize feature.
*/
protected function enable_publicize() {
Publicize_Setup::configure();
return true;
}
/**
* Handles Publicize options.
*/
protected function ensure_options_publicize() {
$options = $this->get_feature_options( 'publicize' );
if ( ! empty( $options['force_refresh'] ) ) {
Publicize_Setup::$refresh_plan_info = true;
}
}
/**
* Enables WordAds.
*/
protected function enable_wordads() {
Jetpack_WordAds_Main::init();
}
/**
* Enables Waf.
*/
protected function enable_waf() {
Jetpack_Waf_Main::init();
return true;
}
/**
* Enables VideoPress.
*/
protected function enable_videopress() {
VideoPress_Pkg_Initializer::init();
return true;
}
/**
* Enables Stats.
*/
protected function enable_stats() {
Stats_Main::init();
return true;
}
/**
* Enables Stats Admin.
*/
protected function enable_stats_admin() {
Stats_Admin_Main::init();
return true;
}
/**
* Handles VideoPress options
*/
protected function ensure_options_videopress() {
$options = $this->get_feature_options( 'videopress' );
if ( ! empty( $options ) ) {
VideoPress_Pkg_Initializer::update_init_options( $options );
}
return true;
}
/**
* Enables Yoast Promo.
*/
protected function enable_yoast_promo() {
Yoast_Promo::init();
return true;
}
/**
* Enables the Import feature.
*/
protected function enable_import() {
Import_Main::configure();
return true;
}
/**
* Setup the Connection options.
*/
protected function ensure_options_connection() {
$options = $this->get_feature_options( 'connection' );
if ( ! empty( $options['slug'] ) ) {
// The `slug` and `name` are removed from the options because they need to be passed as arguments.
$slug = $options['slug'];
unset( $options['slug'] );
$name = $slug;
if ( ! empty( $options['name'] ) ) {
$name = $options['name'];
unset( $options['name'] );
}
( new Plugin( $slug ) )->add( $name, $options );
}
return true;
}
/**
* Setup the Identity Crisis options.
*
* @return bool
*/
protected function ensure_options_identity_crisis() {
$options = $this->get_feature_options( 'identity_crisis' );
if ( is_array( $options ) && count( $options ) ) {
add_filter(
'jetpack_idc_consumers',
function ( $consumers ) use ( $options ) {
$consumers[] = $options;
return $consumers;
}
);
}
return true;
}
/**
* Setup the Sync options.
*/
protected function ensure_options_sync() {
$options = $this->get_feature_options( 'sync' );
if ( method_exists( 'Automattic\Jetpack\Sync\Main', 'set_sync_data_options' ) ) {
Sync_Main::set_sync_data_options( $options );
}
return true;
}
/**
* Temporary save initialization options for a feature.
*
* @param string $feature The feature slug.
* @param array $options The options.
*
* @return bool
*/
protected function set_feature_options( $feature, array $options ) {
if ( $options ) {
$this->feature_options[ $feature ] = $options;
}
return true;
}
/**
* Get initialization options for a feature from the temporary storage.
*
* @param string $feature The feature slug.
*
* @return array
*/
protected function get_feature_options( $feature ) {
return empty( $this->feature_options[ $feature ] ) ? array() : $this->feature_options[ $feature ];
}
}

1178
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/CHANGELOG.md
View File

File diff suppressed because it is too large Load Diff

357
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/LICENSE.txt
View File

@ -1,357 +0,0 @@
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
===================================
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.

47
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/SECURITY.md
View File

@ -1,47 +0,0 @@
# Security Policy
Full details of the Automattic Security Policy can be found on [automattic.com](https://automattic.com/security/).
## Supported Versions
Generally, only the latest version of Jetpack and its associated plugins have continued support. If a critical vulnerability is found in the current version of a plugin, we may opt to backport any patches to previous versions.
## Reporting a Vulnerability
Our HackerOne program covers the below plugin software, as well as a variety of related projects and infrastructure:
* [Jetpack](https://jetpack.com/)
* Jetpack Backup
* Jetpack Boost
* Jetpack CRM
* Jetpack Protect
* Jetpack Search
* Jetpack Social
* Jetpack VideoPress
**For responsible disclosure of security issues and to be eligible for our bug bounty program, please submit your report via the [HackerOne](https://hackerone.com/automattic) portal.**
Our most critical targets are:
* Jetpack and the Jetpack composer packages (all within this repo)
* Jetpack.com -- the primary marketing site.
* cloud.jetpack.com -- a management site.
* wordpress.com -- the shared management site for both Jetpack and WordPress.com sites.
For more targets, see the `In Scope` section on [HackerOne](https://hackerone.com/automattic).
_Please note that the **WordPress software is a separate entity** from Automattic. Please report vulnerabilities for WordPress through [the WordPress Foundation's HackerOne page](https://hackerone.com/wordpress)._
## Guidelines
We're committed to working with security researchers to resolve the vulnerabilities they discover. You can help us by following these guidelines:
* Follow [HackerOne's disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).
* Pen-testing Production:
* Please **setup a local environment** instead whenever possible. Most of our code is open source (see above).
* If that's not possible, **limit any data access/modification** to the bare minimum necessary to reproduce a PoC.
* **_Don't_ automate form submissions!** That's very annoying for us, because it adds extra work for the volunteers who manage those systems, and reduces the signal/noise ratio in our communication channels.
* To be eligible for a bounty, all of these guidelines must be followed.
* Be Patient - Give us a reasonable time to correct the issue before you disclose the vulnerability.
We also expect you to comply with all applicable laws. You're responsible to pay any taxes associated with your bounties.

122
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/TRACKING.md
View File

@ -1,122 +0,0 @@
# Jetpack Tracking package
A package containing functionality to track events to the a8c Tracks system
## Usage
There are several ways to track events using this package.
* Ajax: Probably the easiest one. You can simply add a class to a link and it will be tracked or you can make your own ajax call
* PHP: Track an event on the backend
* Tracking pixel: An alternative way to track events by dynamically adding a pixel to the DOM
### Tracking via Ajax
This is useful to track simple click events without the need of any additional js. Just add the appropriate class to your links and it will be tracked.
#### 1. enqueue script
Note: Not needed if you are using the Jetpack plugin in the admin context as the script is already loaded by Jetpack.
See `Automattic\Jetpack\Tracking::enqueue_tracks_scripts()`
```PHP
add_action( 'admin_enqueue_scripts', array( new Tracking( 'plugin-slug' ), 'enqueue_tracks_scripts' ) );
```
#### 2. Add the class and the event attributes.
Add the `jptracks` class to any `a` element or to its parent element.
The event needs a name. This can be informed with the `data-jptracks-name` attritbute.
```HTML
<a class="jptracks" data-jptracks-name="my-awesome-event">Click me</a>
```
And that's it. Your event will be tracked. Every time this element is clicked an ajax call will be triggered to the Tracking package and it will send it to wpcom.
**Note:** Event name will be automatically prefixed with `jetpack_`.
#### 3. Additional parameters
You can also inform additional parameters to your event using the `data-jptracks-prop` attribute. Anything in this attr will be stored in the `clicked` attribute in the event.
#### 4. Making your own ajax calls
In your JS you can set up your own ajax calls. Example:
```JS
window.jpTracksAJAX.record_ajax_event( 'my_event_name', 'click', { prop1: value1, prop2: value2 } );
```
**Note:** Event name will be automatically prefixed with `jetpack_`.
##### Waiting for the ajax call to complete before doing anything else
If you need to do a subsequent action but wants to wait for this event to be tracked, you can do the following:
```JS
window.jpTracksAJAX
.record_ajax_event( 'my_event_name', 'click', { prop1: value1, prop2: value2 } )
.always( function() {
// do something
} );
```
### Tracking in PHP
Use `Automattic\Jetpack\Tracking::record_user_event()` to track events on the backend.
```PHP
$connection_manager = new Automattic\Jetpack\Connection\Manager( 'plugin-slug' );
$tracking = new Tracking( 'plugin-slug', $connection_manager );
$tracking->record_user_event(
$event_name,
array(
'property_key' => 'value',
)
);
```
### Tracking pixel
This approach to track events uses `//stats.wp.com/w.js` and dynamically adds a tracking pixel to the DOM to do the tracking.
#### 1. Enqueue the scripts
```PHP
Tracking::register_tracks_functions_scripts( true );
```
#### 2. Inform the user data
```PHP
wp_localize_script(
'my_script',
'varname',
array(
'tracksUserData' => Jetpack_Tracks_Client::get_connected_user_tracks_identity(),
)
);
```
#### 3. Track!
In your JS:
```JS
var tracksUser = varname.tracksUserData;
analytics.initialize( tracksUser.userid, tracksUser.username );
analytics.tracks.recordEvent( 'jetpack_my_event_name', { prop1: value1, prop2: value2 } );
```
## Debugging
You can watch your events being tracked in the browser console. In order to activate that, run the following command in the console:
```JS
localStorage.setItem( 'debug', 'dops:analytics*' );
```

68
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/composer.json
View File

@ -1,68 +0,0 @@
{
"name": "automattic/jetpack-connection",
"description": "Everything needed to connect to the Jetpack infrastructure",
"type": "jetpack-library",
"license": "GPL-2.0-or-later",
"require": {
"php": ">=7.0",
"automattic/jetpack-a8c-mc-stats": "^2.0.1",
"automattic/jetpack-admin-ui": "^0.4.1",
"automattic/jetpack-constants": "^2.0.1",
"automattic/jetpack-roles": "^2.0.1",
"automattic/jetpack-status": "^2.1.2",
"automattic/jetpack-redirect": "^2.0.1"
},
"require-dev": {
"automattic/wordbless": "@dev",
"yoast/phpunit-polyfills": "1.1.0",
"brain/monkey": "2.6.1",
"automattic/jetpack-changelogger": "^4.1.2"
},
"suggest": {
"automattic/jetpack-autoloader": "Allow for better interoperability with other plugins that use this package."
},
"autoload": {
"classmap": [
"legacy",
"src/",
"src/webhooks"
]
},
"scripts": {
"build-production": [
"pnpm run build-production"
],
"build-development": [
"pnpm run build"
],
"phpunit": [
"./vendor/phpunit/phpunit/phpunit --colors=always"
],
"post-install-cmd": "WorDBless\\Composer\\InstallDropin::copy",
"post-update-cmd": "WorDBless\\Composer\\InstallDropin::copy",
"test-php": [
"@composer phpunit"
]
},
"minimum-stability": "dev",
"prefer-stable": true,
"extra": {
"autotagger": true,
"mirror-repo": "Automattic/jetpack-connection",
"textdomain": "jetpack-connection",
"version-constants": {
"::PACKAGE_VERSION": "src/class-package-version.php"
},
"changelogger": {
"link-template": "https://github.com/Automattic/jetpack-connection/compare/v${old}...v${new}"
},
"branch-alias": {
"dev-trunk": "2.5.x-dev"
}
},
"config": {
"allow-plugins": {
"roots/wordpress-core-installer": true
}
}
}

1
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/dist/tracks-ajax.asset.php vendored
View File

@ -1 +0,0 @@
<?php return array('dependencies' => array(), 'version' => '2c644cc46566ed615c42');

1
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/dist/tracks-ajax.js vendored
View File

@ -1 +0,0 @@
!function(t,a){window.jpTracksAJAX=window.jpTracksAJAX||{};const c="dops:analytics"===localStorage.getItem("debug");window.jpTracksAJAX.record_ajax_event=function(n,e,r){const o={tracksNonce:a.jpTracksAJAX_nonce,action:"jetpack_tracks",tracksEventType:e,tracksEventName:n,tracksEventProp:r||!1};return t.ajax({type:"POST",url:a.ajaxurl,data:o,success:function(t){c&&console.log("AJAX tracks event recorded: ",o,t)}})},t(document).ready((function(){t("body").on("click",".jptracks a, a.jptracks",(function(a){const c=t(a.target),n=c.closest(".jptracks"),e=n.attr("data-jptracks-name");if(void 0===e)return;const r=n.attr("data-jptracks-prop")||!1,o=c.attr("href"),s=c.get(0).target;let i=null;o&&s&&"_self"!==s&&(i=window.open("",s),i.opener=null),a.preventDefault(),window.jpTracksAJAX.record_ajax_event(e,"click",r).always((function(){if(o&&!c.hasClass("thickbox")){if(i)return void(i.location=o);window.location=o}}))}))}))}(jQuery,jpTracksAJAX);

1
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/dist/tracks-callables.asset.php vendored
View File

@ -1 +0,0 @@
<?php return array('dependencies' => array(), 'version' => 'd9dbf909a3d10fb26f39');

1
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/dist/tracks-callables.js vendored
View File

@ -1 +0,0 @@
(()=>{var e={775:e=>{let n;window._tkq=window._tkq||[];const t=console.error;const o={initialize:function(e,n){o.setUser(e,n),o.identifyUser()},mc:{bumpStat:function(e,n){const t=function(e,n){let t="";if("object"==typeof e)for(const n in e)t+="&x_"+encodeURIComponent(n)+"="+encodeURIComponent(e[n]);else t="&x_"+encodeURIComponent(e)+"="+encodeURIComponent(n);return t}(e,n);(new Image).src=document.location.protocol+"//pixel.wp.com/g.gif?v=wpcom-no-pv"+t+"&t="+Math.random()}},tracks:{recordEvent:function(e,n){n=n||{},0===e.indexOf("jetpack_")?window._tkq.push(["recordEvent",e,n]):t('- Event name must be prefixed by "jetpack_"')},recordPageView:function(e){o.tracks.recordEvent("jetpack_page_view",{path:e})}},setUser:function(e,t){n={ID:e,username:t}},identifyUser:function(){n&&window._tkq.push(["identifyUser",n.ID,n.username])},clearedIdentity:function(){window._tkq.push(["clearIdentity"])}};e.exports=o}},n={};var t=function t(o){var r=n[o];if(void 0!==r)return r.exports;var i=n[o]={exports:{}};return e[o](i,i.exports,t),i.exports}(775);window.analytics=t})();

180
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/legacy/class-jetpack-ixr-client.php
View File

@ -1,180 +0,0 @@
<?php
/**
* IXR_Client
*
* @package automattic/jetpack-connection
*
* @since 1.7.0
* @since-jetpack 1.5
* @since-jetpack 7.7 Moved to the jetpack-connection package.
*/
use Automattic\Jetpack\Connection\Client;
use Automattic\Jetpack\Connection\Manager;
if ( ! class_exists( IXR_Client::class ) ) {
require_once ABSPATH . WPINC . '/class-IXR.php';
}
/**
* A Jetpack implementation of the WordPress core IXR client.
*/
class Jetpack_IXR_Client extends IXR_Client {
/**
* Jetpack args, used for the remote requests.
*
* @var array
*/
public $jetpack_args = null;
/**
* Remote Response Headers.
*
* @var array
*/
public $response_headers = null;
/**
* Holds the raw remote response from the latest call to query().
*
* @var null|array|WP_Error
*/
public $last_response = null;
/**
* Constructor.
* Initialize a new Jetpack IXR client instance.
*
* @param array $args Jetpack args, used for the remote requests.
* @param string|bool $path Path to perform the reuqest to.
* @param int $port Port number.
* @param int $timeout The connection timeout, in seconds.
*/
public function __construct( $args = array(), $path = false, $port = 80, $timeout = 15 ) {
$connection = new Manager();
$defaults = array(
'url' => $connection->xmlrpc_api_url(),
'user_id' => 0,
'headers' => array(),
);
$args = wp_parse_args( $args, $defaults );
$args['headers'] = array_merge( array( 'Content-Type' => 'text/xml' ), (array) $args['headers'] );
$this->jetpack_args = $args;
$this->IXR_Client( $args['url'], $path, $port, $timeout );
}
/**
* Perform the IXR request.
*
* @param string[] ...$args IXR args.
*
* @return bool True if request succeeded, false otherwise.
*/
public function query( ...$args ) {
$method = array_shift( $args );
$request = new IXR_Request( $method, $args );
$xml = trim( $request->getXml() );
$response = Client::remote_request( $this->jetpack_args, $xml );
// Store response headers.
$this->response_headers = wp_remote_retrieve_headers( $response );
$this->last_response = $response;
if ( is_array( $this->last_response ) && isset( $this->last_response['http_response'] ) ) {
// If the expected array response is received, format the data as plain arrays.
$this->last_response = $this->last_response['http_response']->to_array();
$this->last_response['headers'] = $this->last_response['headers']->getAll();
}
if ( is_wp_error( $response ) ) {
$this->error = new IXR_Error( -10520, sprintf( 'Jetpack: [%s] %s', $response->get_error_code(), $response->get_error_message() ) );
return false;
}
if ( ! $response ) {
$this->error = new IXR_Error( -10520, 'Jetpack: Unknown Error' );
return false;
}
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$this->error = new IXR_Error( -32300, 'transport error - HTTP status code was not 200' );
return false;
}
$content = wp_remote_retrieve_body( $response );
// Now parse what we've got back.
$this->message = new IXR_Message( $content );
if ( ! $this->message->parse() ) {
// XML error.
$this->error = new IXR_Error( -32700, 'parse error. not well formed' );
return false;
}
// Is the message a fault?
if ( 'fault' === $this->message->messageType ) {
$this->error = new IXR_Error( $this->message->faultCode, $this->message->faultString );
return false;
}
// Message must be OK.
return true;
}
/**
* Retrieve the Jetpack error from the result of the last request.
*
* @param int $fault_code Fault code.
* @param string $fault_string Fault string.
* @return WP_Error Error object.
*/
public function get_jetpack_error( $fault_code = null, $fault_string = null ) {
if ( $fault_code === null ) {
$fault_code = $this->error->code;
}
if ( $fault_string === null ) {
$fault_string = $this->error->message;
}
if ( preg_match( '#jetpack:\s+\[(\w+)\]\s*(.*)?$#i', $fault_string, $match ) ) {
$code = $match[1];
$message = $match[2];
$status = $fault_code;
return new \WP_Error( $code, $message, $status );
}
return new \WP_Error( "IXR_{$fault_code}", $fault_string );
}
/**
* Retrieve a response header if set.
*
* @param string $name header name.
* @return string|bool Header value if set, false if not set.
*/
public function get_response_header( $name ) {
if ( isset( $this->response_headers[ $name ] ) ) {
return $this->response_headers[ $name ];
}
// case-insensitive header names: http://www.ietf.org/rfc/rfc2616.txt.
if ( isset( $this->response_headers[ strtolower( $name ) ] ) ) {
return $this->response_headers[ strtolower( $name ) ];
}
return false;
}
/**
* Retrieve the raw response for the last query() call.
*
* @return null|array|WP_Error
*/
public function get_last_response() {
return $this->last_response;
}
}

74
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/legacy/class-jetpack-ixr-clientmulticall.php
View File

@ -1,74 +0,0 @@
<?php
/**
* IXR_ClientMulticall
*
* @package automattic/jetpack-connection
*
* @since 1.7.0
* @since-jetpack 1.5
* @since-jetpack 7.7 Moved to the jetpack-connection package.
*/
/**
* A Jetpack implementation of the WordPress core IXR client, capable of multiple calls in a single request.
*/
class Jetpack_IXR_ClientMulticall extends Jetpack_IXR_Client {
/**
* Storage for the IXR calls.
*
* @var array
*/
public $calls = array();
/**
* Add a IXR call to the client.
* First argument is the method name.
* The rest of the arguments are the params specified to the method.
*
* @param string[] ...$args IXR args.
*/
public function addCall( ...$args ) {
$method_name = array_shift( $args );
$struct = array(
'methodName' => $method_name,
'params' => $args,
);
$this->calls[] = $struct;
}
/**
* Perform the IXR multicall request.
*
* @param string[] ...$args IXR args.
*
* @return bool True if request succeeded, false otherwise.
*/
public function query( ...$args ) { // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable
$this->calls = $this->sort_calls( $this->calls );
// Prepare multicall, then call the parent::query() method.
return parent::query( 'system.multicall', $this->calls );
}
/**
* Sort the IXR calls.
* Make sure syncs are always done first preserving relative order.
*
* @param array $calls Calls to sort.
* @return array Sorted calls.
*/
public function sort_calls( $calls ) {
$sync_calls = array();
$other_calls = array();
foreach ( $calls as $call ) {
if ( 'jetpack.syncContent' === $call['methodName'] ) {
$sync_calls[] = $call;
} else {
$other_calls[] = $call;
}
}
return array_merge( $sync_calls, $other_calls );
}
}

692
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/legacy/class-jetpack-options.php
View File

@ -1,692 +0,0 @@
<?php
/**
* Legacy Jetpack_Options class.
*
* @package automattic/jetpack-connection
*/
use Automattic\Jetpack\Constants;
/**
* Class Jetpack_Options
*/
class Jetpack_Options {
/**
* An array that maps a grouped option type to an option name.
*
* @var array
*/
private static $grouped_options = array(
'compact' => 'jetpack_options',
'private' => 'jetpack_private_options',
);
/**
* Returns an array of option names for a given type.
*
* @param string $type The type of option to return. Defaults to 'compact'.
*
* @return array
*/
public static function get_option_names( $type = 'compact' ) {
switch ( $type ) {
case 'non-compact':
case 'non_compact':
return array(
'activated',
'active_modules',
'active_modules_initialized', // (bool) used to determine that all the default modules were activated, so we know how to act on a reconnection.
'allowed_xsite_search_ids', // (array) Array of WP.com blog ids that are allowed to search the content of this site
'available_modules',
'do_activate',
'edit_links_calypso_redirect', // (bool) Whether post/page edit links on front end should point to Calypso.
'log',
'slideshow_background_color',
'widget_twitter',
'wpcc_options',
'relatedposts',
'file_data',
'autoupdate_plugins', // (array) An array of plugin ids ( eg. jetpack/jetpack ) that should be autoupdated
'autoupdate_plugins_translations', // (array) An array of plugin ids ( eg. jetpack/jetpack ) that should be autoupdated translation files.
'autoupdate_themes', // (array) An array of theme ids ( eg. twentyfourteen ) that should be autoupdated
'autoupdate_themes_translations', // (array) An array of theme ids ( eg. twentyfourteen ) that should autoupdated translation files.
'autoupdate_core', // (bool) Whether or not to autoupdate core
'autoupdate_translations', // (bool) Whether or not to autoupdate all translations
'json_api_full_management', // (bool) Allow full management (eg. Activate, Upgrade plugins) of the site via the JSON API.
'sync_non_public_post_stati', // (bool) Allow synchronisation of posts and pages with non-public status.
'site_icon_url', // (string) url to the full site icon
'site_icon_id', // (int) Attachment id of the site icon file
'dismissed_manage_banner', // (bool) Dismiss Jetpack manage banner allows the user to dismiss the banner permanently
'unique_connection', // (array) A flag to determine a unique connection to wordpress.com two values "connected" and "disconnected" with values for how many times each has occured
'unique_registrations', // (integer) A counter of how many times the site was registered
'protect_whitelist', // (array) IP Address for the Protect module to ignore
'sync_error_idc', // (bool|array) false or array containing the site's home and siteurl at time of IDC error
'sync_health_status', // (bool|array) An array of data relating to Jetpack's sync health.
'safe_mode_confirmed', // (bool) True if someone confirms that this site was correctly put into safe mode automatically after an identity crisis is discovered.
'migrate_for_idc', // (bool) True if someone confirms that this site should migrate stats and subscribers from its previous URL
'ab_connect_banner_green_bar', // (int) Version displayed of the A/B test for the green bar at the top of the connect banner.
'onboarding', // (string) Auth token to be used in the onboarding connection flow
'tos_agreed', // (bool) Whether or not the TOS for connection has been agreed upon.
'static_asset_cdn_files', // (array) An nested array of files that we can swap out for cdn versions.
'mapbox_api_key', // (string) Mapbox API Key, for use with Map block.
'mailchimp', // (string) Mailchimp keyring data, for mailchimp block.
'xmlrpc_errors', // (array) Keys are XML-RPC signature error codes. Values are truthy.
'dismissed_wizard_banner', // (int) (DEPRECATED) True if the Wizard banner has been dismissed.
);
case 'private':
return array(
'blog_token', // (string) The Client Secret/Blog Token of this site.
'user_token', // (string) The User Token of this site. (deprecated)
'user_tokens', // (array) User Tokens for each user of this site who has connected to jetpack.wordpress.com.
'purchase_token', // (string) Token for logged out user purchases.
'token_lock', // (string) Token lock in format `expiration_date|||site_url`.
);
case 'network':
return array(
'onboarding', // (string) Auth token to be used in the onboarding connection flow
'file_data', // (array) List of absolute paths to all Jetpack modules
);
}
return array(
'id', // (int) The Client ID/WP.com Blog ID of this site.
'publicize_connections', // (array) An array of Publicize connections from WordPress.com.
'master_user', // (int) The local User ID of the user who connected this site to jetpack.wordpress.com.
'version', // (string) Used during upgrade procedure to auto-activate new modules. version:time.
'old_version', // (string) Used to determine which modules are the most recently added. previous_version:time.
'fallback_no_verify_ssl_certs', // (int) Flag for determining if this host must skip SSL Certificate verification due to misconfigured SSL.
'time_diff', // (int) Offset between Jetpack server's clocks and this server's clocks. Jetpack Server Time = time() + (int) Jetpack_Options::get_option( 'time_diff' )
'public', // (int|bool) If we think this site is public or not (1, 0), false if we haven't yet tried to figure it out.
'videopress', // (array) VideoPress options array.
'is_network_site', // (int|bool) If we think this site is a network or a single blog (1, 0), false if we haven't yet tried to figue it out.
'social_links', // (array) The specified links for each social networking site.
'identity_crisis_whitelist', // (array) An array of options, each having an array of the values whitelisted for it.
'gplus_authors', // (array) The Google+ authorship information for connected users.
'last_heartbeat', // (int) The timestamp of the last heartbeat that fired.
'hide_jitm', // (array) A list of just in time messages that we should not show because they have been dismissed by the user.
'custom_css_4.7_migration', // (bool) Whether Custom CSS has scanned for and migrated any legacy CSS CPT entries to the new Core format.
'image_widget_migration', // (bool) Whether any legacy Image Widgets have been converted to the new Core widget.
'gallery_widget_migration', // (bool) Whether any legacy Gallery Widgets have been converted to the new Core widget.
'sso_first_login', // (bool) Is this the first time the user logins via SSO.
'dismissed_hints', // (array) Part of Plugin Search Hints. List of cards that have been dismissed.
'first_admin_view', // (bool) Set to true the first time the user views the admin. Usually after the initial connection.
'setup_wizard_questionnaire', // (array) (DEPRECATED) List of user choices from the setup wizard.
'setup_wizard_status', // (string) (DEPRECATED) Status of the setup wizard.
'licensing_error', // (string) Last error message occurred while attaching licenses that is yet to be surfaced to the user.
'recommendations_data', // (array) The user choice and other data for the recommendations.
'recommendations_step', // (string) The current step of the recommendations.
'recommendations_conditional', // (array) An array of action-based recommendations.
'licensing_activation_notice_dismiss', // (array) The `last_detached_count` and the `last_dismissed_time` for the user-license activation notice.
'has_seen_wc_connection_modal', // (bool) Whether the site has displayed the WooCommerce Connection modal
'partner_coupon', // (string) A Jetpack partner issued coupon to promote a sale together with Jetpack.
'partner_coupon_added', // (string) A date for when `partner_coupon` was added, so we can auto-purge after a certain time interval.
'dismissed_backup_review_restore', // (bool) Determines if the component review request is dismissed for successful restore requests.
'dismissed_backup_review_backups', // (bool) Determines if the component review request is dismissed for successful backup requests.
'identity_crisis_url_secret', // (array) The IDC URL secret and its expiration date.
'identity_crisis_ip_requester', // (array) The IDC IP address and its expiration date.
'dismissed_welcome_banner', // (bool) Determines if the welcome banner has been dismissed or not.
);
}
/**
* Is the option name valid?
*
* @param string $name The name of the option.
* @param string|null $group The name of the group that the option is in. Default to null, which will search non_compact.
*
* @return bool Is the option name valid?
*/
public static function is_valid( $name, $group = null ) {
if ( is_array( $name ) ) {
$compact_names = array();
foreach ( array_keys( self::$grouped_options ) as $_group ) {
$compact_names = array_merge( $compact_names, self::get_option_names( $_group ) );
}
$result = array_diff( $name, self::get_option_names( 'non_compact' ), $compact_names );
return empty( $result );
}
if ( $group === null || 'non_compact' === $group ) {
if ( in_array( $name, self::get_option_names( $group ), true ) ) {
return true;
}
}
foreach ( array_keys( self::$grouped_options ) as $_group ) {
if ( $group === null || $group === $_group ) {
if ( in_array( $name, self::get_option_names( $_group ), true ) ) {
return true;
}
}
}
return false;
}
/**
* Checks if an option must be saved for the whole network in WP Multisite
*
* @param string $option_name Option name. It must come _without_ `jetpack_%` prefix. The method will prefix the option name.
*
* @return bool
*/
public static function is_network_option( $option_name ) {
if ( ! is_multisite() ) {
return false;
}
return in_array( $option_name, self::get_option_names( 'network' ), true );
}
/**
* Filters the requested option.
* This is a wrapper around `get_option_from_database` so that we can filter the option.
*
* @param string $name Option name. It must come _without_ `jetpack_%` prefix. The method will prefix the option name.
* @param mixed $default (optional).
*
* @return mixed
*/
public static function get_option( $name, $default = false ) {
/**
* Filter Jetpack Options.
* Can be useful in environments when Jetpack is running with a different setup
*
* @since 1.7.0
*
* @param string $value The value from the database.
* @param string $name Option name, _without_ `jetpack_%` prefix.
* @return string $value, unless the filters modify it.
*/
return apply_filters( 'jetpack_options', self::get_option_from_database( $name, $default ), $name );
}
/**
* Returns the requested option. Looks in jetpack_options or jetpack_$name as appropriate.
*
* @param string $name Option name. It must come _without_ `jetpack_%` prefix. The method will prefix the option name.
* @param mixed $default (optional).
*
* @return mixed
*/
private static function get_option_from_database( $name, $default = false ) {
if ( self::is_valid( $name, 'non_compact' ) ) {
if ( self::is_network_option( $name ) ) {
return get_site_option( "jetpack_$name", $default );
}
return get_option( "jetpack_$name", $default );
}
foreach ( array_keys( self::$grouped_options ) as $group ) {
if ( self::is_valid( $name, $group ) ) {
return self::get_grouped_option( $group, $name, $default );
}
}
trigger_error( sprintf( 'Invalid Jetpack option name: %s', esc_html( $name ) ), E_USER_WARNING ); // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_trigger_error -- Don't wish to change legacy behavior.
return $default;
}
/**
* Returns the requested option, and ensures it's autoloaded in the future.
* This does _not_ adjust the prefix in any way (does not prefix jetpack_%)
*
* @param string $name Option name.
* @param mixed $default (optional).
*
* @return mixed
*/
public static function get_option_and_ensure_autoload( $name, $default ) {
// In this function the name is not adjusted by prefixing jetpack_
// so if it has already prefixed, we'll replace it and then
// check if the option name is a network option or not.
$jetpack_name = preg_replace( '/^jetpack_/', '', $name, 1 );
$is_network_option = self::is_network_option( $jetpack_name );
$value = $is_network_option ? get_site_option( $name ) : get_option( $name );
if ( false === $value && false !== $default ) {
if ( $is_network_option ) {
add_site_option( $name, $default );
} else {
add_option( $name, $default );
}
$value = $default;
}
return $value;
}
/**
* Update grouped option
*
* @param string $group Options group.
* @param string $name Options name.
* @param mixed $value Options value.
*
* @return bool Success or failure.
*/
private static function update_grouped_option( $group, $name, $value ) {
$options = get_option( self::$grouped_options[ $group ] );
if ( ! is_array( $options ) ) {
$options = array();
}
$options[ $name ] = $value;
return update_option( self::$grouped_options[ $group ], $options );
}
/**
* Updates the single given option. Updates jetpack_options or jetpack_$name as appropriate.
*
* @param string $name Option name. It must come _without_ `jetpack_%` prefix. The method will prefix the option name.
* @param mixed $value Option value.
* @param string $autoload If not compact option, allows specifying whether to autoload or not.
*
* @return bool Was the option successfully updated?
*/
public static function update_option( $name, $value, $autoload = null ) {
/**
* Fires before Jetpack updates a specific option.
*
* @since 1.1.2
* @since-jetpack 3.0.0
*
* @param str $name The name of the option being updated.
* @param mixed $value The new value of the option.
*/
do_action( 'pre_update_jetpack_option_' . $name, $name, $value );
if ( self::is_valid( $name, 'non_compact' ) ) {
if ( self::is_network_option( $name ) ) {
return update_site_option( "jetpack_$name", $value );
}
return update_option( "jetpack_$name", $value, $autoload );
}
foreach ( array_keys( self::$grouped_options ) as $group ) {
if ( self::is_valid( $name, $group ) ) {
return self::update_grouped_option( $group, $name, $value );
}
}
trigger_error( sprintf( 'Invalid Jetpack option name: %s', esc_html( $name ) ), E_USER_WARNING ); // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_trigger_error -- Don't want to change legacy behavior.
return false;
}
/**
* Updates the multiple given options. Updates jetpack_options and/or jetpack_$name as appropriate.
*
* @param array $array array( option name => option value, ... ).
*/
public static function update_options( $array ) {
$names = array_keys( $array );
foreach ( array_diff( $names, self::get_option_names(), self::get_option_names( 'non_compact' ), self::get_option_names( 'private' ) ) as $unknown_name ) {
trigger_error( sprintf( 'Invalid Jetpack option name: %s', esc_html( $unknown_name ) ), E_USER_WARNING ); // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_trigger_error -- Don't change legacy behavior.
unset( $array[ $unknown_name ] );
}
foreach ( $names as $name ) {
self::update_option( $name, $array[ $name ] );
}
}
/**
* Deletes the given option. May be passed multiple option names as an array.
* Updates jetpack_options and/or deletes jetpack_$name as appropriate.
*
* @param string|array $names Option names. They must come _without_ `jetpack_%` prefix. The method will prefix the option names.
*
* @return bool Was the option successfully deleted?
*/
public static function delete_option( $names ) {
$result = true;
$names = (array) $names;
if ( ! self::is_valid( $names ) ) {
// phpcs:disable -- This line triggers a handful of errors; ignoring to avoid changing legacy behavior.
trigger_error( sprintf( 'Invalid Jetpack option names: %s', print_r( $names, 1 ) ), E_USER_WARNING );
// phpcs:enable
return false;
}
foreach ( array_intersect( $names, self::get_option_names( 'non_compact' ) ) as $name ) {
if ( self::is_network_option( $name ) ) {
$result = delete_site_option( "jetpack_$name" );
} else {
$result = delete_option( "jetpack_$name" );
}
}
foreach ( array_keys( self::$grouped_options ) as $group ) {
if ( ! self::delete_grouped_option( $group, $names ) ) {
$result = false;
}
}
return $result;
}
/**
* Get group option.
*
* @param string $group Option group name.
* @param string $name Option name.
* @param mixed $default Default option value.
*
* @return mixed Option.
*/
private static function get_grouped_option( $group, $name, $default ) {
$options = get_option( self::$grouped_options[ $group ] );
if ( is_array( $options ) && isset( $options[ $name ] ) ) {
return $options[ $name ];
}
return $default;
}
/**
* Delete grouped option.
*
* @param string $group Option group name.
* @param array $names Option names.
*
* @return bool Success or failure.
*/
private static function delete_grouped_option( $group, $names ) {
$options = get_option( self::$grouped_options[ $group ], array() );
$to_delete = array_intersect( $names, self::get_option_names( $group ), array_keys( $options ) );
if ( $to_delete ) {
foreach ( $to_delete as $name ) {
unset( $options[ $name ] );
}
return update_option( self::$grouped_options[ $group ], $options );
}
return true;
}
/*
* Raw option methods allow Jetpack to get / update / delete options via direct DB queries, including options
* that are not created by the Jetpack plugin. This is helpful only in rare cases when we need to bypass
* cache and filters.
*/
/**
* Deletes an option via $wpdb query.
*
* @param string $name Option name.
*
* @return bool Is the option deleted?
*/
public static function delete_raw_option( $name ) {
if ( self::bypass_raw_option( $name ) ) {
return delete_option( $name );
}
global $wpdb;
$result = $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->options WHERE option_name = %s", $name ) );
return $result;
}
/**
* Updates an option via $wpdb query.
*
* @param string $name Option name.
* @param mixed $value Option value.
* @param bool $autoload Specifying whether to autoload or not.
*
* @return bool Is the option updated?
*/
public static function update_raw_option( $name, $value, $autoload = false ) {
if ( self::bypass_raw_option( $name ) ) {
return update_option( $name, $value, $autoload );
}
global $wpdb;
$autoload_value = $autoload ? 'yes' : 'no';
$old_value = $wpdb->get_var(
$wpdb->prepare(
"SELECT option_value FROM $wpdb->options WHERE option_name = %s LIMIT 1",
$name
)
);
if ( $old_value === $value ) {
return false;
}
$serialized_value = maybe_serialize( $value );
// below we used "insert ignore" to at least suppress the resulting error.
$updated_num = $wpdb->query(
$wpdb->prepare(
"UPDATE $wpdb->options SET option_value = %s WHERE option_name = %s",
$serialized_value,
$name
)
);
// Try inserting the option if the value doesn't exits.
if ( ! $updated_num ) {
$updated_num = $wpdb->query(
$wpdb->prepare(
"INSERT IGNORE INTO $wpdb->options ( option_name, option_value, autoload ) VALUES ( %s, %s, %s )",
$name,
$serialized_value,
$autoload_value
)
);
}
return (bool) $updated_num;
}
/**
* Gets an option via $wpdb query.
*
* @since 1.1.2
* @since-jetpack 5.4.0
*
* @param string $name Option name.
* @param mixed $default Default option value if option is not found.
*
* @return mixed Option value, or null if option is not found and default is not specified.
*/
public static function get_raw_option( $name, $default = null ) {
if ( self::bypass_raw_option( $name ) ) {
return get_option( $name, $default );
}
global $wpdb;
$value = $wpdb->get_var(
$wpdb->prepare(
"SELECT option_value FROM $wpdb->options WHERE option_name = %s LIMIT 1",
$name
)
);
$value = maybe_unserialize( $value );
if ( null === $value && null !== $default ) {
return $default;
}
return $value;
}
/**
* This function checks for a constant that, if present, will disable direct DB queries Jetpack uses to manage certain options and force Jetpack to always use Options API instead.
* Options can be selectively managed via a blocklist by filtering option names via the jetpack_disabled_raw_option filter.
*
* @param string $name Option name.
*
* @return bool
*/
public static function bypass_raw_option( $name ) {
if ( Constants::get_constant( 'JETPACK_DISABLE_RAW_OPTIONS' ) ) {
return true;
}
/**
* Allows to disable particular raw options.
*
* @since 1.1.2
* @since-jetpack 5.5.0
*
* @param array $disabled_raw_options An array of option names that you can selectively blocklist from being managed via direct database queries.
*/
$disabled_raw_options = apply_filters( 'jetpack_disabled_raw_options', array() );
return isset( $disabled_raw_options[ $name ] );
}
/**
* Gets all known options that are used by Jetpack and managed by Jetpack_Options.
*
* @since 1.1.2
* @since-jetpack 5.4.0
*
* @param boolean $strip_unsafe_options If true, and by default, will strip out options necessary for the connection to WordPress.com.
* @return array An array of all options managed via the Jetpack_Options class.
*/
public static function get_all_jetpack_options( $strip_unsafe_options = true ) {
$jetpack_options = self::get_option_names();
$jetpack_options_non_compat = self::get_option_names( 'non_compact' );
$jetpack_options_private = self::get_option_names( 'private' );
$all_jp_options = array_merge( $jetpack_options, $jetpack_options_non_compat, $jetpack_options_private );
if ( $strip_unsafe_options ) {
// Flag some Jetpack options as unsafe.
$unsafe_options = array(
'id', // (int) The Client ID/WP.com Blog ID of this site.
'master_user', // (int) The local User ID of the user who connected this site to jetpack.wordpress.com.
'version', // (string) Used during upgrade procedure to auto-activate new modules. version:time
// non_compact.
'activated',
// private.
'register',
'blog_token', // (string) The Client Secret/Blog Token of this site.
'user_token', // (string) The User Token of this site. (deprecated)
'user_tokens',
);
// Remove the unsafe Jetpack options.
foreach ( $unsafe_options as $unsafe_option ) {
$key = array_search( $unsafe_option, $all_jp_options, true );
if ( false !== $key ) {
unset( $all_jp_options[ $key ] );
}
}
}
return $all_jp_options;
}
/**
* Get all options that are not managed by the Jetpack_Options class that are used by Jetpack.
*
* @since 1.1.2
* @since-jetpack 5.4.0
*
* @return array
*/
public static function get_all_wp_options() {
// A manual build of the wp options.
return array(
'sharing-options',
'disabled_likes',
'disabled_reblogs',
'jetpack_comments_likes_enabled',
'stats_options',
'stats_dashboard_widget',
'safecss_preview_rev',
'safecss_rev',
'safecss_revision_migrated',
'nova_menu_order',
'jetpack_portfolio',
'jetpack_portfolio_posts_per_page',
'jetpack_testimonial',
'jetpack_testimonial_posts_per_page',
'sharedaddy_disable_resources',
'sharing-options',
'sharing-services',
'site_icon_temp_data',
'featured-content',
'site_logo',
'jetpack_dismissed_notices',
'jetpack-twitter-cards-site-tag',
'jetpack-sitemap-state',
'jetpack_sitemap_post_types',
'jetpack_sitemap_location',
'jetpack_protect_key',
'jetpack_protect_blocked_attempts',
'jetpack_protect_activating',
'jetpack_active_plan',
'jetpack_activation_source',
'jetpack_site_products',
'jetpack_sso_match_by_email',
'jetpack_sso_require_two_step',
'jetpack_sso_remove_login_form',
'jetpack_last_connect_url_check',
'jpo_business_address',
'jpo_site_type',
'jpo_homepage_format',
'jpo_contact_page',
'jetpack_excluded_extensions',
);
}
/**
* Gets all options that can be safely reset by CLI.
*
* @since 1.1.2
* @since-jetpack 5.4.0
*
* @return array array Associative array containing jp_options which are managed by the Jetpack_Options class and wp_options which are not.
*/
public static function get_options_for_reset() {
$all_jp_options = self::get_all_jetpack_options();
$wp_options = self::get_all_wp_options();
$options = array(
'jp_options' => $all_jp_options,
'wp_options' => $wp_options,
);
return $options;
}
/**
* Delete all known options
*
* @since 1.1.2
* @since-jetpack 5.4.0
*
* @return void
*/
public static function delete_all_known_options() {
// Delete all compact options.
foreach ( (array) self::$grouped_options as $option_name ) {
delete_option( $option_name );
}
// Delete all non-compact Jetpack options.
foreach ( (array) self::get_option_names( 'non-compact' ) as $option_name ) {
self::delete_option( $option_name );
}
// Delete all options that can be reset via CLI, that aren't Jetpack options.
foreach ( (array) self::get_all_wp_options() as $option_name ) {
delete_option( $option_name );
}
}
}

409
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/legacy/class-jetpack-signature.php
View File

@ -1,409 +0,0 @@
<?php
/**
* The Jetpack Connection signature class file.
*
* @package automattic/jetpack-connection
*/
use Automattic\Jetpack\Connection\Manager as Connection_Manager;
/**
* The Jetpack Connection signature class that is used to sign requests.
*/
class Jetpack_Signature {
/**
* Token part of the access token.
*
* @access public
* @var string
*/
public $token;
/**
* Access token secret.
*
* @access public
* @var string
*/
public $secret;
/**
* Timezone difference (in seconds).
*
* @access public
* @var int
*/
public $time_diff;
/**
* The current request URL.
*
* @access public
* @var string
*/
public $current_request_url;
/**
* Constructor.
*
* @param array $access_token Access token.
* @param int $time_diff Timezone difference (in seconds).
*/
public function __construct( $access_token, $time_diff = 0 ) {
$secret = explode( '.', $access_token );
if ( 2 !== count( $secret ) ) {
return;
}
$this->token = $secret[0];
$this->secret = $secret[1];
$this->time_diff = $time_diff;
}
/**
* Sign the current request.
*
* @todo Implement a proper nonce verification.
*
* @param array $override Optional arguments to override the ones from the current request.
* @return string|WP_Error Request signature, or a WP_Error on failure.
*/
public function sign_current_request( $override = array() ) {
if ( isset( $override['scheme'] ) ) {
$scheme = $override['scheme'];
if ( ! in_array( $scheme, array( 'http', 'https' ), true ) ) {
return new WP_Error( 'invalid_scheme', 'Invalid URL scheme' );
}
} elseif ( is_ssl() ) {
$scheme = 'https';
} else {
$scheme = 'http';
}
$port = $this->get_current_request_port();
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotValidatedNotSanitized -- Sniff misses the esc_url_raw wrapper.
$this->current_request_url = esc_url_raw( wp_unslash( "{$scheme}://{$_SERVER['HTTP_HOST']}:{$port}" . ( isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '' ) ) );
if ( array_key_exists( 'body', $override ) && ! empty( $override['body'] ) ) {
$body = $override['body'];
} elseif ( isset( $_SERVER['REQUEST_METHOD'] ) && 'POST' === strtoupper( $_SERVER['REQUEST_METHOD'] ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput -- This is validating.
$body = isset( $GLOBALS['HTTP_RAW_POST_DATA'] ) ? $GLOBALS['HTTP_RAW_POST_DATA'] : null;
// Convert the $_POST to the body, if the body was empty. This is how arrays are hashed
// and encoded on the Jetpack side.
if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
// phpcs:ignore WordPress.Security.NonceVerification.Missing
if ( empty( $body ) && is_array( $_POST ) && $_POST !== array() ) {
$body = $_POST; // phpcs:ignore WordPress.Security.NonceVerification.Missing
}
}
} elseif ( isset( $_SERVER['REQUEST_METHOD'] ) && 'PUT' === strtoupper( $_SERVER['REQUEST_METHOD'] ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput -- This is validating.
// This is a little strange-looking, but there doesn't seem to be another way to get the PUT body.
$raw_put_data = file_get_contents( 'php://input' );
parse_str( $raw_put_data, $body );
if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
$put_data = json_decode( $raw_put_data, true );
if ( is_array( $put_data ) && $put_data !== array() ) {
$body = $put_data;
}
}
} else {
$body = null;
}
if ( empty( $body ) ) {
$body = null;
}
$a = array();
foreach ( array( 'token', 'timestamp', 'nonce', 'body-hash' ) as $parameter ) {
if ( isset( $override[ $parameter ] ) ) {
$a[ $parameter ] = $override[ $parameter ];
} else {
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
$a[ $parameter ] = isset( $_GET[ $parameter ] ) ? filter_var( wp_unslash( $_GET[ $parameter ] ) ) : '';
}
}
$method = isset( $override['method'] ) ? $override['method'] : ( isset( $_SERVER['REQUEST_METHOD'] ) ? filter_var( wp_unslash( $_SERVER['REQUEST_METHOD'] ) ) : null );
return $this->sign_request( $a['token'], $a['timestamp'], $a['nonce'], $a['body-hash'], $method, $this->current_request_url, $body, true );
}
/**
* Sign a specified request.
*
* @todo Having body_hash v. body-hash is annoying. Refactor to accept an array?
* @todo Use wp_json_encode() instead of json_encode()?
*
* @param string $token Request token.
* @param int $timestamp Timestamp of the request.
* @param string $nonce Request nonce.
* @param string $body_hash Request body hash.
* @param string $method Request method.
* @param string $url Request URL.
* @param mixed $body Request body.
* @param bool $verify_body_hash Whether to verify the body hash against the body.
* @return string|WP_Error Request signature, or a WP_Error on failure.
*/
public function sign_request( $token = '', $timestamp = 0, $nonce = '', $body_hash = '', $method = '', $url = '', $body = null, $verify_body_hash = true ) {
if ( ! $this->secret ) {
return new WP_Error( 'invalid_secret', 'Invalid secret' );
}
if ( ! $this->token ) {
return new WP_Error( 'invalid_token', 'Invalid token' );
}
list( $token ) = explode( '.', $token );
$signature_details = compact( 'token', 'timestamp', 'nonce', 'body_hash', 'method', 'url' );
if ( ! str_starts_with( $token, "$this->token:" ) ) {
return new WP_Error( 'token_mismatch', 'Incorrect token', compact( 'signature_details' ) );
}
// If we got an array at this point, let's encode it, so we can see what it looks like as a string.
if ( is_array( $body ) ) {
if ( $body !== array() ) {
// phpcs:ignore WordPress.WP.AlternativeFunctions.json_encode_json_encode
$body = json_encode( $body );
} else {
$body = '';
}
}
$required_parameters = array( 'token', 'timestamp', 'nonce', 'method', 'url' );
if ( $body !== null ) {
$required_parameters[] = 'body_hash';
if ( ! is_string( $body ) ) {
return new WP_Error( 'invalid_body', 'Body is malformed.', compact( 'signature_details' ) );
}
}
foreach ( $required_parameters as $required ) {
if ( ! is_scalar( $$required ) ) {
return new WP_Error( 'invalid_signature', sprintf( 'The required "%s" parameter is malformed.', str_replace( '_', '-', $required ) ), compact( 'signature_details' ) );
}
if ( ! strlen( $$required ) ) {
return new WP_Error( 'invalid_signature', sprintf( 'The required "%s" parameter is missing.', str_replace( '_', '-', $required ) ), compact( 'signature_details' ) );
}
}
if ( empty( $body ) ) {
if ( $body_hash ) {
return new WP_Error( 'invalid_body_hash', 'Invalid body hash for empty body.', compact( 'signature_details' ) );
}
} else {
$connection = new Connection_Manager();
if ( $verify_body_hash && $connection->sha1_base64( $body ) !== $body_hash ) {
return new WP_Error( 'invalid_body_hash', 'The body hash does not match.', compact( 'signature_details' ) );
}
}
$parsed = wp_parse_url( $url );
if ( ! isset( $parsed['host'] ) ) {
return new WP_Error( 'invalid_signature', sprintf( 'The required "%s" parameter is malformed.', 'url' ), compact( 'signature_details' ) );
}
if ( ! empty( $parsed['port'] ) ) {
$port = $parsed['port'];
} elseif ( 'http' === $parsed['scheme'] ) {
$port = 80;
} elseif ( 'https' === $parsed['scheme'] ) {
$port = 443;
} else {
return new WP_Error( 'unknown_scheme_port', "The scheme's port is unknown", compact( 'signature_details' ) );
}
if ( ! ctype_digit( "$timestamp" ) || 10 < strlen( $timestamp ) ) { // If Jetpack is around in 275 years, you can blame mdawaffe for the bug.
return new WP_Error( 'invalid_signature', sprintf( 'The required "%s" parameter is malformed.', 'timestamp' ), compact( 'signature_details' ) );
}
$local_time = $timestamp - $this->time_diff;
if ( $local_time < time() - 600 || $local_time > time() + 300 ) {
return new WP_Error( 'invalid_signature', 'The timestamp is too old.', compact( 'signature_details' ) );
}
if ( 12 < strlen( $nonce ) || preg_match( '/[^a-zA-Z0-9]/', $nonce ) ) {
return new WP_Error( 'invalid_signature', sprintf( 'The required "%s" parameter is malformed.', 'nonce' ), compact( 'signature_details' ) );
}
$normalized_request_pieces = array(
$token,
$timestamp,
$nonce,
$body_hash,
strtoupper( $method ),
strtolower( $parsed['host'] ),
$port,
empty( $parsed['path'] ) ? '' : $parsed['path'],
// Normalized Query String.
);
$normalized_request_pieces = array_merge( $normalized_request_pieces, $this->normalized_query_parameters( isset( $parsed['query'] ) ? $parsed['query'] : '' ) );
$flat_normalized_request_pieces = array();
foreach ( $normalized_request_pieces as $piece ) {
if ( is_array( $piece ) ) {
foreach ( $piece as $subpiece ) {
$flat_normalized_request_pieces[] = $subpiece;
}
} else {
$flat_normalized_request_pieces[] = $piece;
}
}
$normalized_request_pieces = $flat_normalized_request_pieces;
$normalized_request_string = implode( "\n", $normalized_request_pieces ) . "\n";
// phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode
return base64_encode( hash_hmac( 'sha1', $normalized_request_string, $this->secret, true ) );
}
/**
* Retrieve and normalize the parameters from a query string.
*
* @param string $query_string Query string.
* @return array Normalized query string parameters.
*/
public function normalized_query_parameters( $query_string ) {
parse_str( $query_string, $array );
unset( $array['signature'] );
$names = array_keys( $array );
$values = array_values( $array );
$names = array_map( array( $this, 'encode_3986' ), $names );
$values = array_map( array( $this, 'encode_3986' ), $values );
$pairs = array_map( array( $this, 'join_with_equal_sign' ), $names, $values );
sort( $pairs );
return $pairs;
}
/**
* Encodes a string or array of strings according to RFC 3986.
*
* @param string|array $string_or_array String or array to encode.
* @return string|array URL-encoded string or array.
*/
public function encode_3986( $string_or_array ) {
if ( is_array( $string_or_array ) ) {
return array_map( array( $this, 'encode_3986' ), $string_or_array );
}
return rawurlencode( $string_or_array );
}
/**
* Concatenates a parameter name and a parameter value with an equals sign between them.
*
* @param string $name Parameter name.
* @param string|array $value Parameter value.
* @return string|array A string pair (e.g. `name=value`) or an array of string pairs.
*/
public function join_with_equal_sign( $name, $value ) {
if ( is_array( $value ) ) {
return $this->join_array_with_equal_sign( $name, $value );
}
return "{$name}={$value}";
}
/**
* Helper function for join_with_equal_sign for handling arrayed values.
* Explicitly supports nested arrays.
*
* @param string $name Parameter name.
* @param array $value Parameter value.
* @return array An array of string pairs (e.g. `[ name[example]=value ]`).
*/
private function join_array_with_equal_sign( $name, $value ) {
$result = array();
foreach ( $value as $value_key => $value_value ) {
$joined_value = $this->join_with_equal_sign( $name . '[' . $value_key . ']', $value_value );
if ( is_array( $joined_value ) ) {
foreach ( array_values( $joined_value ) as $individual_joined_value ) {
$result[] = $individual_joined_value;
}
} elseif ( is_string( $joined_value ) ) {
$result[] = $joined_value;
}
}
sort( $result );
return $result;
}
/**
* Gets the port that should be considered to sign the current request.
*
* It will analyze the current request, as well as some Jetpack constants, to return the string
* to be concatenated in the URL representing the port of the current request.
*
* @since 1.8.4
*
* @return string The port to be used in the signature
*/
public function get_current_request_port() {
$host_port = isset( $_SERVER['HTTP_X_FORWARDED_PORT'] ) ? $this->sanitize_host_post( $_SERVER['HTTP_X_FORWARDED_PORT'] ) : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput -- This is validating.
if ( '' === $host_port && isset( $_SERVER['SERVER_PORT'] ) ) {
$host_port = $this->sanitize_host_post( $_SERVER['SERVER_PORT'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput -- This is validating.
}
/**
* Note: This port logic is tested in the Jetpack_Cxn_Tests->test__server_port_value() test.
* Please update the test if any changes are made in this logic.
*/
if ( is_ssl() ) {
// 443: Standard Port
// 80: Assume we're behind a proxy without X-Forwarded-Port. Hardcoding "80" here means most sites
// with SSL termination proxies (self-served, Cloudflare, etc.) don't need to fiddle with
// the JETPACK_SIGNATURE__HTTPS_PORT constant. The code also implies we can't talk to a
// site at https://example.com:80/ (which would be a strange configuration).
// JETPACK_SIGNATURE__HTTPS_PORT: Set this constant in wp-config.php to the back end webserver's port
// if the site is behind a proxy running on port 443 without
// X-Forwarded-Port and the back end's port is *not* 80. It's better,
// though, to configure the proxy to send X-Forwarded-Port.
$https_port = defined( 'JETPACK_SIGNATURE__HTTPS_PORT' ) ? $this->sanitize_host_post( JETPACK_SIGNATURE__HTTPS_PORT ) : '443';
$port = in_array( $host_port, array( '443', '80', $https_port ), true ) ? '' : $host_port;
} else {
// 80: Standard Port
// JETPACK_SIGNATURE__HTTPS_PORT: Set this constant in wp-config.php to the back end webserver's port
// if the site is behind a proxy running on port 80 without
// X-Forwarded-Port. It's better, though, to configure the proxy to
// send X-Forwarded-Port.
$http_port = defined( 'JETPACK_SIGNATURE__HTTP_PORT' ) ? $this->sanitize_host_post( JETPACK_SIGNATURE__HTTP_PORT ) : '80';
$port = in_array( $host_port, array( '80', $http_port ), true ) ? '' : $host_port;
}
return (string) $port;
}
/**
* Sanitizes a variable checking if it's a valid port number, which can be an integer or a numeric string
*
* @since 1.8.4
*
* @param mixed $port_number Variable representing a port number.
* @return string Always a string with a valid port number, or an empty string if input is invalid
*/
public function sanitize_host_post( $port_number ) {
if ( ! is_int( $port_number ) && ! is_string( $port_number ) ) {
return '';
}
if ( is_string( $port_number ) && ! ctype_digit( $port_number ) ) {
return '';
}
if ( 0 >= (int) $port_number || 65535 < $port_number ) {
return '';
}
return (string) $port_number;
}
}

230
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/legacy/class-jetpack-tracks-client.php
View File

@ -1,230 +0,0 @@
<?php
/**
* Legacy Jetpack Tracks Client
*
* @package automattic/jetpack-tracking
*/
use Automattic\Jetpack\Connection\Manager;
/**
* Jetpack_Tracks_Client
*
* Send Tracks events on behalf of a user
*
* Example Usage:
```php
require( dirname(__FILE__).'path/to/tracks/class-jetpack-tracks-client.php' );
$result = Jetpack_Tracks_Client::record_event( array(
'_en' => $event_name, // required
'_ui' => $user_id, // required unless _ul is provided
'_ul' => $user_login, // required unless _ui is provided
// Optional, but recommended
'_ts' => $ts_in_ms, // Default: now
'_via_ip' => $client_ip, // we use it for geo, etc.
// Possibly useful to set some context for the event
'_via_ua' => $client_user_agent,
'_via_url' => $client_url,
'_via_ref' => $client_referrer,
// For user-targeted tests
'abtest_name' => $abtest_name,
'abtest_variation' => $abtest_variation,
// Your application-specific properties
'custom_property' => $some_value,
) );
if ( is_wp_error( $result ) ) {
// Handle the error in your app
}
```
*/
class Jetpack_Tracks_Client {
const PIXEL = 'https://pixel.wp.com/t.gif';
const BROWSER_TYPE = 'php-agent';
const USER_AGENT_SLUG = 'tracks-client';
const VERSION = '0.3';
/**
* Stores the Terms of Service Object Reference.
*
* @var null
*/
private static $terms_of_service = null;
/**
* Record an event.
*
* @param mixed $event Event object to send to Tracks. An array will be cast to object. Required.
* Properties are included directly in the pixel query string after light validation.
* @return mixed True on success, WP_Error on failure
*/
public static function record_event( $event ) {
if ( ! self::$terms_of_service ) {
self::$terms_of_service = new \Automattic\Jetpack\Terms_Of_Service();
}
// Don't track users who have opted out or not agreed to our TOS, or are not running an active Jetpack.
if ( ! self::$terms_of_service->has_agreed() || ! empty( $_COOKIE['tk_opt-out'] ) ) {
return false;
}
if ( ! $event instanceof Jetpack_Tracks_Event ) {
$event = new Jetpack_Tracks_Event( $event );
}
if ( is_wp_error( $event ) ) {
return $event;
}
$pixel = $event->build_pixel_url( $event );
if ( ! $pixel ) {
return new WP_Error( 'invalid_pixel', 'cannot generate tracks pixel for given input', 400 );
}
return self::record_pixel( $pixel );
}
/**
* Synchronously request the pixel.
*
* @param string $pixel The wp.com tracking pixel.
* @return array|bool|WP_Error True if successful. wp_remote_get response or WP_Error if not.
*/
public static function record_pixel( $pixel ) {
// Add the Request Timestamp and URL terminator just before the HTTP request.
$pixel .= '&_rt=' . self::build_timestamp() . '&_=_';
$response = wp_remote_get(
$pixel,
array(
'blocking' => true, // The default, but being explicit here :).
'timeout' => 1,
'redirection' => 2,
'httpversion' => '1.1',
'user-agent' => self::get_user_agent(),
)
);
if ( is_wp_error( $response ) ) {
return $response;
}
$code = isset( $response['response']['code'] ) ? $response['response']['code'] : 0;
if ( 200 !== $code ) {
return new WP_Error( 'request_failed', 'Tracks pixel request failed', $code );
}
return true;
}
/**
* Get the user agent.
*
* @return string The user agent.
*/
public static function get_user_agent() {
return self::USER_AGENT_SLUG . '-v' . self::VERSION;
}
/**
* Build an event and return its tracking URL
*
* @deprecated Call the `build_pixel_url` method on a Jetpack_Tracks_Event object instead.
* @param array $event Event keys and values.
* @return string URL of a tracking pixel.
*/
public static function build_pixel_url( $event ) {
$_event = new Jetpack_Tracks_Event( $event );
return $_event->build_pixel_url();
}
/**
* Validate input for a tracks event.
*
* @deprecated Instantiate a Jetpack_Tracks_Event object instead
* @param array $event Event keys and values.
* @return mixed Validated keys and values or WP_Error on failure
*/
private static function validate_and_sanitize( $event ) {
$_event = new Jetpack_Tracks_Event( $event );
if ( is_wp_error( $_event ) ) {
return $_event;
}
return get_object_vars( $_event );
}
/**
* Builds a timestamp.
*
* Milliseconds since 1970-01-01.
*
* @return string
*/
public static function build_timestamp() {
$ts = round( microtime( true ) * 1000 );
return number_format( $ts, 0, '', '' );
}
/**
* Grabs the user's anon id from cookies, or generates and sets a new one
*
* @return string An anon id for the user
*/
public static function get_anon_id() {
static $anon_id = null;
if ( ! isset( $anon_id ) ) {
// Did the browser send us a cookie?
if ( isset( $_COOKIE['tk_ai'] ) && preg_match( '#^[a-z]+:[A-Za-z0-9+/=]{24}$#', $_COOKIE['tk_ai'] ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput -- This is validating.
$anon_id = $_COOKIE['tk_ai']; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput -- This is validating.
} else {
$binary = '';
// Generate a new anonId and try to save it in the browser's cookies.
// Note that base64-encoding an 18 character string generates a 24-character anon id.
for ( $i = 0; $i < 18; ++$i ) {
$binary .= chr( wp_rand( 0, 255 ) );
}
$anon_id = 'jetpack:' . base64_encode( $binary ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode
if ( ! headers_sent()
&& ! ( defined( 'REST_REQUEST' ) && REST_REQUEST )
&& ! ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST )
) {
setcookie( 'tk_ai', $anon_id, 0, COOKIEPATH, COOKIE_DOMAIN, is_ssl(), false ); // phpcs:ignore Jetpack.Functions.SetCookie -- This is a random value and should be fine.
}
}
}
return $anon_id;
}
/**
* Gets the WordPress.com user's Tracks identity, if connected.
*
* @return array|bool
*/
public static function get_connected_user_tracks_identity() {
$user_data = ( new Manager() )->get_connected_user_data();
if ( ! $user_data ) {
return false;
}
return array(
'blogid' => Jetpack_Options::get_option( 'id', 0 ),
'email' => $user_data['email'],
'userid' => $user_data['ID'],
'username' => $user_data['login'],
'user_locale' => $user_data['user_locale'],
);
}
}

188
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/legacy/class-jetpack-tracks-event.php
View File

@ -1,188 +0,0 @@
<?php
/**
* Class Jetpack_Tracks_Event. Legacy.
*
* @package automattic/jetpack-sync
*/
/*
* Example Usage:
```php
require_once( dirname(__FILE__) . 'path/to/tracks/class-jetpack-tracks-event.php' );
$event = new Jetpack_Tracks_Event( array(
'_en' => $event_name, // required
'_ui' => $user_id, // required unless _ul is provided
'_ul' => $user_login, // required unless _ui is provided
// Optional, but recommended
'_via_ip' => $client_ip, // for geo, etc.
// Possibly useful to set some context for the event
'_via_ua' => $client_user_agent,
'_via_url' => $client_url,
'_via_ref' => $client_referrer,
// For user-targeted tests
'abtest_name' => $abtest_name,
'abtest_variation' => $abtest_variation,
// Your application-specific properties
'custom_property' => $some_value,
) );
if ( is_wp_error( $event->error ) ) {
// Handle the error in your app
}
$bump_and_redirect_pixel = $event->build_signed_pixel_url();
```
*/
/**
* Class Jetpack_Tracks_Event
*/
#[AllowDynamicProperties]
class Jetpack_Tracks_Event {
const EVENT_NAME_REGEX = '/^(([a-z0-9]+)_){2}([a-z0-9_]+)$/';
const PROP_NAME_REGEX = '/^[a-z_][a-z0-9_]*$/';
/**
* Tracks Event Error.
*
* @var mixed Error.
*/
public $error;
/**
* Jetpack_Tracks_Event constructor.
*
* @param object $event Tracks event.
*/
public function __construct( $event ) {
$_event = self::validate_and_sanitize( $event );
if ( is_wp_error( $_event ) ) {
$this->error = $_event;
return;
}
foreach ( $_event as $key => $value ) {
$this->{$key} = $value;
}
}
/**
* Record a track event.
*/
public function record() {
return Jetpack_Tracks_Client::record_event( $this );
}
/**
* Annotate the event with all relevant info.
*
* @param mixed $event Object or (flat) array.
* @return mixed The transformed event array or WP_Error on failure.
*/
public static function validate_and_sanitize( $event ) {
$event = (object) $event;
// Required.
if ( ! $event->_en ) {
return new WP_Error( 'invalid_event', 'A valid event must be specified via `_en`', 400 );
}
// delete non-routable addresses otherwise geoip will discard the record entirely.
if ( property_exists( $event, '_via_ip' ) && preg_match( '/^192\.168|^10\./', $event->_via_ip ) ) {
unset( $event->_via_ip );
}
$validated = array(
'browser_type' => Jetpack_Tracks_Client::BROWSER_TYPE,
'_aua' => Jetpack_Tracks_Client::get_user_agent(),
);
$_event = (object) array_merge( (array) $event, $validated );
// If you want to block property names, do it here.
// Make sure we have an event timestamp.
if ( ! isset( $_event->_ts ) ) {
$_event->_ts = Jetpack_Tracks_Client::build_timestamp();
}
return $_event;
}
/**
* Build a pixel URL that will send a Tracks event when fired.
* On error, returns an empty string ('').
*
* @return string A pixel URL or empty string ('') if there were invalid args.
*/
public function build_pixel_url() {
if ( $this->error ) {
return '';
}
$args = get_object_vars( $this );
// Request Timestamp and URL Terminator must be added just before the HTTP request or not at all.
unset( $args['_rt'] );
unset( $args['_'] );
$validated = self::validate_and_sanitize( $args );
if ( is_wp_error( $validated ) ) {
return '';
}
return Jetpack_Tracks_Client::PIXEL . '?' . http_build_query( $validated );
}
/**
* Validate the event name.
*
* @param string $name Event name.
* @return false|int
*/
public static function event_name_is_valid( $name ) {
return preg_match( self::EVENT_NAME_REGEX, $name );
}
/**
* Validates prop name
*
* @param string $name Property name.
*
* @return false|int Truthy value.
*/
public static function prop_name_is_valid( $name ) {
return preg_match( self::PROP_NAME_REGEX, $name );
}
/**
* Scrutinize event name.
*
* @param object $event Tracks event.
*/
public static function scrutinize_event_names( $event ) {
if ( ! self::event_name_is_valid( $event->_en ) ) {
return;
}
$whitelisted_key_names = array(
'anonId',
'Browser_Type',
);
foreach ( array_keys( (array) $event ) as $key ) {
if ( in_array( $key, $whitelisted_key_names, true ) ) {
continue;
}
if ( ! self::prop_name_is_valid( $key ) ) {
return;
}
}
}
}

877
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/legacy/class-jetpack-xmlrpc-server.php
View File

@ -1,877 +0,0 @@
<?php
/**
* Jetpack XMLRPC Server.
*
* @package automattic/jetpack-connection
*/
use Automattic\Jetpack\Connection\Client;
use Automattic\Jetpack\Connection\Manager as Connection_Manager;
use Automattic\Jetpack\Connection\Secrets;
use Automattic\Jetpack\Connection\Tokens;
use Automattic\Jetpack\Connection\Urls;
use Automattic\Jetpack\Constants;
use Automattic\Jetpack\Roles;
/**
* Just a sack of functions. Not actually an IXR_Server
*/
class Jetpack_XMLRPC_Server {
/**
* The current error object
*
* @var \WP_Error
*/
public $error = null;
/**
* The current user
*
* @var \WP_User
*/
public $user = null;
/**
* The connection manager object.
*
* @var Automattic\Jetpack\Connection\Manager
*/
private $connection;
/**
* Creates a new XMLRPC server object.
*/
public function __construct() {
$this->connection = new Connection_Manager();
}
/**
* Whitelist of the XML-RPC methods available to the Jetpack Server. If the
* user is not authenticated (->login()) then the methods are never added,
* so they will get a "does not exist" error.
*
* @param array $core_methods Core XMLRPC methods.
*/
public function xmlrpc_methods( $core_methods ) {
$jetpack_methods = array(
'jetpack.verifyAction' => array( $this, 'verify_action' ),
'jetpack.idcUrlValidation' => array( $this, 'validate_urls_for_idc_mitigation' ),
'jetpack.unlinkUser' => array( $this, 'unlink_user' ),
'jetpack.testConnection' => array( $this, 'test_connection' ),
);
$jetpack_methods = array_merge( $jetpack_methods, $this->provision_xmlrpc_methods() );
$this->user = $this->login();
if ( $this->user ) {
$jetpack_methods = array_merge(
$jetpack_methods,
array(
'jetpack.testAPIUserCode' => array( $this, 'test_api_user_code' ),
)
);
if ( isset( $core_methods['metaWeblog.editPost'] ) ) {
$jetpack_methods['metaWeblog.newMediaObject'] = $core_methods['metaWeblog.newMediaObject'];
$jetpack_methods['jetpack.updateAttachmentParent'] = array( $this, 'update_attachment_parent' );
}
/**
* Filters the XML-RPC methods available to Jetpack for authenticated users.
*
* @since 1.7.0
* @since-jetpack 1.1.0
*
* @param array $jetpack_methods XML-RPC methods available to the Jetpack Server.
* @param array $core_methods Available core XML-RPC methods.
* @param \WP_User $user Information about the user authenticated in the request.
*/
$jetpack_methods = apply_filters( 'jetpack_xmlrpc_methods', $jetpack_methods, $core_methods, $this->user );
}
/**
* Filters the XML-RPC methods available to Jetpack for requests signed both with a blog token or a user token.
*
* @since 1.7.0
* @since 1.9.5 Introduced the $user parameter.
* @since-jetpack 3.0.0
*
* @param array $jetpack_methods XML-RPC methods available to the Jetpack Server.
* @param array $core_methods Available core XML-RPC methods.
* @param \WP_User|bool $user Information about the user authenticated in the request. False if authenticated with blog token.
*/
return apply_filters( 'jetpack_xmlrpc_unauthenticated_methods', $jetpack_methods, $core_methods, $this->user );
}
/**
* Whitelist of the bootstrap XML-RPC methods
*/
public function bootstrap_xmlrpc_methods() {
return array(
'jetpack.remoteAuthorize' => array( $this, 'remote_authorize' ),
'jetpack.remoteRegister' => array( $this, 'remote_register' ),
);
}
/**
* Additional method needed for authorization calls.
*/
public function authorize_xmlrpc_methods() {
return array(
'jetpack.remoteAuthorize' => array( $this, 'remote_authorize' ),
'jetpack.remoteRegister' => array( $this, 'remote_already_registered' ),
);
}
/**
* Remote provisioning methods.
*/
public function provision_xmlrpc_methods() {
return array(
'jetpack.remoteRegister' => array( $this, 'remote_register' ),
'jetpack.remoteProvision' => array( $this, 'remote_provision' ),
'jetpack.remoteConnect' => array( $this, 'remote_connect' ),
'jetpack.getUser' => array( $this, 'get_user' ),
);
}
/**
* Used to verify whether a local user exists and what role they have.
*
* @param int|string|array $request One of:
* int|string The local User's ID, username, or email address.
* array A request array containing:
* 0: int|string The local User's ID, username, or email address.
*
* @return array|\IXR_Error Information about the user, or error if no such user found:
* roles: string[] The user's rols.
* login: string The user's username.
* email_hash string[] The MD5 hash of the user's normalized email address.
* caps string[] The user's capabilities.
* allcaps string[] The user's granular capabilities, merged from role capabilities.
* token_key string The Token Key of the user's Jetpack token. Empty string if none.
*/
public function get_user( $request ) {
$user_id = is_array( $request ) ? $request[0] : $request;
if ( ! $user_id ) {
return $this->error(
new \WP_Error(
'invalid_user',
__( 'Invalid user identifier.', 'jetpack-connection' ),
400
),
'get_user'
);
}
$user = $this->get_user_by_anything( $user_id );
if ( ! $user ) {
return $this->error(
new \WP_Error(
'user_unknown',
__( 'User not found.', 'jetpack-connection' ),
404
),
'get_user'
);
}
$user_token = ( new Tokens() )->get_access_token( $user->ID );
if ( $user_token ) {
list( $user_token_key ) = explode( '.', $user_token->secret );
if ( $user_token_key === $user_token->secret ) {
$user_token_key = '';
}
} else {
$user_token_key = '';
}
return array(
'id' => $user->ID,
'login' => $user->user_login,
'email_hash' => md5( strtolower( trim( $user->user_email ) ) ),
'roles' => $user->roles,
'caps' => $user->caps,
'allcaps' => $user->allcaps,
'token_key' => $user_token_key,
);
}
/**
* Remote authorization XMLRPC method handler.
*
* @param array $request the request.
*/
public function remote_authorize( $request ) {
$user = get_user_by( 'id', $request['state'] );
/**
* Happens on various request handling events in the Jetpack XMLRPC server.
* The action combines several types of events:
* - remote_authorize
* - remote_provision
* - get_user.
*
* @since 1.7.0
* @since-jetpack 8.0.0
*
* @param String $action the action name, i.e., 'remote_authorize'.
* @param String $stage the execution stage, can be 'begin', 'success', 'error', etc.
* @param array $parameters extra parameters from the event.
* @param WP_User $user the acting user.
*/
do_action( 'jetpack_xmlrpc_server_event', 'remote_authorize', 'begin', array(), $user );
foreach ( array( 'secret', 'state', 'redirect_uri', 'code' ) as $required ) {
if ( ! isset( $request[ $required ] ) || empty( $request[ $required ] ) ) {
return $this->error(
new \WP_Error( 'missing_parameter', 'One or more parameters is missing from the request.', 400 ),
'remote_authorize'
);
}
}
if ( ! $user ) {
return $this->error( new \WP_Error( 'user_unknown', 'User not found.', 404 ), 'remote_authorize' );
}
if ( $this->connection->has_connected_owner() && $this->connection->is_user_connected( $request['state'] ) ) {
return $this->error( new \WP_Error( 'already_connected', 'User already connected.', 400 ), 'remote_authorize' );
}
$verified = $this->verify_action( array( 'authorize', $request['secret'], $request['state'] ) );
if ( is_a( $verified, 'IXR_Error' ) ) {
return $this->error( $verified, 'remote_authorize' );
}
wp_set_current_user( $request['state'] );
$result = $this->connection->authorize( $request );
if ( is_wp_error( $result ) ) {
return $this->error( $result, 'remote_authorize' );
}
// This action is documented in class.jetpack-xmlrpc-server.php.
do_action( 'jetpack_xmlrpc_server_event', 'remote_authorize', 'success' );
return array(
'result' => $result,
);
}
/**
* This XML-RPC method is called from the /jpphp/provision endpoint on WPCOM in order to
* register this site so that a plan can be provisioned.
*
* @param array|ArrayAccess $request An array containing at minimum nonce and local_user keys.
*
* @return \WP_Error|array
*/
public function remote_register( $request ) {
// This action is documented in class.jetpack-xmlrpc-server.php.
do_action( 'jetpack_xmlrpc_server_event', 'remote_register', 'begin', array() );
$user = $this->fetch_and_verify_local_user( $request );
if ( ! $user ) {
return $this->error(
new WP_Error( 'input_error', __( 'Valid user is required', 'jetpack-connection' ), 400 ),
'remote_register'
);
}
if ( is_wp_error( $user ) || is_a( $user, 'IXR_Error' ) ) {
return $this->error( $user, 'remote_register' );
}
if ( empty( $request['nonce'] ) ) {
return $this->error(
new \WP_Error(
'nonce_missing',
__( 'The required "nonce" parameter is missing.', 'jetpack-connection' ),
400
),
'remote_register'
);
}
$nonce = sanitize_text_field( $request['nonce'] );
unset( $request['nonce'] );
$api_url = $this->connection->api_url( 'partner_provision_nonce_check' );
$response = Client::_wp_remote_request(
esc_url_raw( add_query_arg( 'nonce', $nonce, $api_url ) ),
array( 'method' => 'GET' ),
true
);
if (
200 !== wp_remote_retrieve_response_code( $response ) ||
'OK' !== trim( wp_remote_retrieve_body( $response ) )
) {
return $this->error(
new \WP_Error(
'invalid_nonce',
__( 'There was an issue validating this request.', 'jetpack-connection' ),
400
),
'remote_register'
);
}
if ( ! Jetpack_Options::get_option( 'id' ) || ! ( new Tokens() )->get_access_token() || ! empty( $request['force'] ) ) {
wp_set_current_user( $user->ID );
// This code mostly copied from Jetpack::admin_page_load.
if ( isset( $request['from'] ) ) {
$this->connection->add_register_request_param( 'from', (string) $request['from'] );
}
$registered = $this->connection->try_registration();
if ( is_wp_error( $registered ) ) {
return $this->error( $registered, 'remote_register' );
} elseif ( ! $registered ) {
return $this->error(
new \WP_Error(
'registration_error',
__( 'There was an unspecified error registering the site', 'jetpack-connection' ),
400
),
'remote_register'
);
}
}
// This action is documented in class.jetpack-xmlrpc-server.php.
do_action( 'jetpack_xmlrpc_server_event', 'remote_register', 'success' );
return array(
'client_id' => Jetpack_Options::get_option( 'id' ),
);
}
/**
* This is a substitute for remote_register() when the blog is already registered which returns an error code
* signifying that state.
* This is an unauthorized call and we should not be responding with any data other than the error code.
*
* @return \IXR_Error
*/
public function remote_already_registered() {
return $this->error(
new \WP_Error( 'already_registered', __( 'Blog is already registered', 'jetpack-connection' ), 400 ),
'remote_register'
);
}
/**
* This XML-RPC method is called from the /jpphp/provision endpoint on WPCOM in order to
* register this site so that a plan can be provisioned.
*
* @param array|ArrayAccess $request An array containing at minimum a nonce key and a local_username key.
*
* @return \WP_Error|array
*/
public function remote_provision( $request ) {
$user = $this->fetch_and_verify_local_user( $request );
if ( ! $user ) {
return $this->error(
new WP_Error( 'input_error', __( 'Valid user is required', 'jetpack-connection' ), 400 ),
'remote_provision'
);
}
if ( is_wp_error( $user ) || is_a( $user, 'IXR_Error' ) ) {
return $this->error( $user, 'remote_provision' );
}
$site_icon = get_site_icon_url();
/**
* Filters the Redirect URI returned by the remote_register XMLRPC method
*
* @param string $redirect_uri The Redirect URI
*
* @since 1.9.7
*/
$redirect_uri = apply_filters( 'jetpack_xmlrpc_remote_register_redirect_uri', admin_url() );
// Generate secrets.
$roles = new Roles();
$role = $roles->translate_user_to_role( $user );
$secrets = ( new Secrets() )->generate( 'authorize', $user->ID );
$response = array(
'jp_version' => Constants::get_constant( 'JETPACK__VERSION' ),
'redirect_uri' => $redirect_uri,
'user_id' => $user->ID,
'user_email' => $user->user_email,
'user_login' => $user->user_login,
'scope' => $this->connection->sign_role( $role, $user->ID ),
'secret' => $secrets['secret_1'],
'is_active' => $this->connection->has_connected_owner(),
);
if ( $site_icon ) {
$response['site_icon'] = $site_icon;
}
/**
* Filters the response of the remote_provision XMLRPC method
*
* @param array $response The response.
* @param array $request An array containing at minimum a nonce key and a local_username key.
* @param \WP_User $user The local authenticated user.
*
* @since 1.9.7
*/
$response = apply_filters( 'jetpack_remote_xmlrpc_provision_response', $response, $request, $user );
return $response;
}
/**
* Given an array containing a local user identifier and a nonce, will attempt to fetch and set
* an access token for the given user.
*
* @param array $request An array containing local_user and nonce keys at minimum.
* @param \IXR_Client $ixr_client The client object, optional.
* @return mixed
*/
public function remote_connect( $request, $ixr_client = false ) {
if ( $this->connection->has_connected_owner() ) {
return $this->error(
new WP_Error(
'already_connected',
__( 'Jetpack is already connected.', 'jetpack-connection' ),
400
),
'remote_connect'
);
}
$user = $this->fetch_and_verify_local_user( $request );
if ( ! $user || is_wp_error( $user ) || is_a( $user, 'IXR_Error' ) ) {
return $this->error(
new WP_Error(
'input_error',
__( 'Valid user is required.', 'jetpack-connection' ),
400
),
'remote_connect'
);
}
if ( empty( $request['nonce'] ) ) {
return $this->error(
new WP_Error(
'input_error',
__( 'A non-empty nonce must be supplied.', 'jetpack-connection' ),
400
),
'remote_connect'
);
}
if ( ! $ixr_client ) {
$ixr_client = new Jetpack_IXR_Client();
}
// TODO: move this query into the Tokens class?
$ixr_client->query(
'jetpack.getUserAccessToken',
array(
'nonce' => sanitize_text_field( $request['nonce'] ),
'external_user_id' => $user->ID,
)
);
$token = $ixr_client->isError() ? false : $ixr_client->getResponse();
if ( empty( $token ) ) {
return $this->error(
new WP_Error(
'token_fetch_failed',
__( 'Failed to fetch user token from WordPress.com.', 'jetpack-connection' ),
400
),
'remote_connect'
);
}
$token = sanitize_text_field( $token );
( new Tokens() )->update_user_token( $user->ID, sprintf( '%s.%d', $token, $user->ID ), true );
/**
* Hook fired at the end of the jetpack.remoteConnect XML-RPC callback
*
* @since 1.9.7
*/
do_action( 'jetpack_remote_connect_end' );
return $this->connection->has_connected_owner();
}
/**
* Getter for the local user to act as.
*
* @param array $request the current request data.
*/
private function fetch_and_verify_local_user( $request ) {
if ( empty( $request['local_user'] ) ) {
return $this->error(
new \WP_Error(
'local_user_missing',
__( 'The required "local_user" parameter is missing.', 'jetpack-connection' ),
400
),
'remote_provision'
);
}
// Local user is used to look up by login, email or ID.
$local_user_info = $request['local_user'];
return $this->get_user_by_anything( $local_user_info );
}
/**
* Gets the user object by its data.
*
* @param string $user_id can be any identifying user data.
*/
private function get_user_by_anything( $user_id ) {
$user = get_user_by( 'login', $user_id );
if ( ! $user ) {
$user = get_user_by( 'email', $user_id );
}
if ( ! $user ) {
$user = get_user_by( 'ID', $user_id );
}
return $user;
}
/**
* Possible error_codes:
*
* - verify_secret_1_missing
* - verify_secret_1_malformed
* - verify_secrets_missing: verification secrets are not found in database
* - verify_secrets_incomplete: verification secrets are only partially found in database
* - verify_secrets_expired: verification secrets have expired
* - verify_secrets_mismatch: stored secret_1 does not match secret_1 sent by Jetpack.WordPress.com
* - state_missing: required parameter of state not found
* - state_malformed: state is not a digit
* - invalid_state: state in request does not match the stored state
*
* The 'authorize' and 'register' actions have additional error codes
*
* state_missing: a state ( user id ) was not supplied
* state_malformed: state is not the correct data type
* invalid_state: supplied state does not match the stored state
*
* @param array $params action An array of 3 parameters:
* [0]: string action. Possible values are `authorize`, `publicize` and `register`.
* [1]: string secret_1.
* [2]: int state.
* @return \IXR_Error|string IXR_Error on failure, secret_2 on success.
*/
public function verify_action( $params ) {
$action = isset( $params[0] ) ? $params[0] : '';
$verify_secret = isset( $params[1] ) ? $params[1] : '';
$state = isset( $params[2] ) ? $params[2] : '';
$result = ( new Secrets() )->verify( $action, $verify_secret, $state );
if ( is_wp_error( $result ) ) {
return $this->error( $result );
}
return $result;
}
/**
* Wrapper for wp_authenticate( $username, $password );
*
* @return \WP_User|bool
*/
public function login() {
$this->connection->require_jetpack_authentication();
$user = wp_authenticate( 'username', 'password' );
if ( is_wp_error( $user ) ) {
if ( 'authentication_failed' === $user->get_error_code() ) { // Generic error could mean most anything.
$this->error = new \WP_Error( 'invalid_request', 'Invalid Request', 403 );
} else {
$this->error = $user;
}
return false;
} elseif ( ! $user ) { // Shouldn't happen.
$this->error = new \WP_Error( 'invalid_request', 'Invalid Request', 403 );
return false;
}
wp_set_current_user( $user->ID );
return $user;
}
/**
* Returns the current error as an \IXR_Error
*
* @param \WP_Error|\IXR_Error $error The error object, optional.
* @param string $event_name The event name.
* @param \WP_User $user The user object.
* @return bool|\IXR_Error
*/
public function error( $error = null, $event_name = null, $user = null ) {
if ( null !== $event_name ) {
// This action is documented in class.jetpack-xmlrpc-server.php.
do_action( 'jetpack_xmlrpc_server_event', $event_name, 'fail', $error, $user );
}
if ( $error !== null ) {
$this->error = $error;
}
if ( is_wp_error( $this->error ) ) {
$code = $this->error->get_error_data();
if ( ! $code ) {
$code = -10520;
}
$message = sprintf( 'Jetpack: [%s] %s', $this->error->get_error_code(), $this->error->get_error_message() );
if ( ! class_exists( \IXR_Error::class ) ) {
require_once ABSPATH . WPINC . '/class-IXR.php';
}
return new \IXR_Error( $code, $message );
} elseif ( is_a( $this->error, 'IXR_Error' ) ) {
return $this->error;
}
return false;
}
/* API Methods */
/**
* Just authenticates with the given Jetpack credentials.
*
* @return string A success string. The Jetpack plugin filters it and make it return the Jetpack plugin version.
*/
public function test_connection() {
/**
* Filters the successful response of the XMLRPC test_connection method
*
* @param string $response The response string.
*/
return apply_filters( 'jetpack_xmlrpc_test_connection_response', 'success' );
}
/**
* Test the API user code.
*
* @param array $args arguments identifying the test site.
*/
public function test_api_user_code( $args ) {
$client_id = (int) $args[0];
$user_id = (int) $args[1];
$nonce = (string) $args[2];
$verify = (string) $args[3];
if ( ! $client_id || ! $user_id || ! strlen( $nonce ) || 32 !== strlen( $verify ) ) {
return false;
}
$user = get_user_by( 'id', $user_id );
if ( ! $user || is_wp_error( $user ) ) {
return false;
}
/* phpcs:ignore
debugging
error_log( "CLIENT: $client_id" );
error_log( "USER: $user_id" );
error_log( "NONCE: $nonce" );
error_log( "VERIFY: $verify" );
*/
$jetpack_token = ( new Tokens() )->get_access_token( $user_id );
$api_user_code = get_user_meta( $user_id, "jetpack_json_api_$client_id", true );
if ( ! $api_user_code ) {
return false;
}
$hmac = hash_hmac(
'md5',
json_encode( // phpcs:ignore WordPress.WP.AlternativeFunctions.json_encode_json_encode
(object) array(
'client_id' => (int) $client_id,
'user_id' => (int) $user_id,
'nonce' => (string) $nonce,
'code' => (string) $api_user_code,
)
),
$jetpack_token->secret
);
if ( ! hash_equals( $hmac, $verify ) ) {
return false;
}
return $user_id;
}
/**
* Unlink a user from WordPress.com
*
* When the request is done without any parameter, this XMLRPC callback gets an empty array as input.
*
* If $user_id is not provided, it will try to disconnect the current logged in user. This will fail if called by the Master User.
*
* If $user_id is is provided, it will try to disconnect the informed user, even if it's the Master User.
*
* @param mixed $user_id The user ID to disconnect from this site.
*/
public function unlink_user( $user_id = array() ) {
$user_id = (int) $user_id;
if ( $user_id < 1 ) {
$user_id = null;
}
/**
* Fired when we want to log an event to the Jetpack event log.
*
* @since 1.7.0
* @since-jetpack 7.7.0
*
* @param string $code Unique name for the event.
* @param string $data Optional data about the event.
*/
do_action( 'jetpack_event_log', 'unlink' );
return $this->connection->disconnect_user(
$user_id,
(bool) $user_id
);
}
/**
* Returns the home URL, site URL, and URL secret for the current site which can be used on the WPCOM side for
* IDC mitigation to decide whether sync should be allowed if the home and siteurl values differ between WPCOM
* and the remote Jetpack site.
*
* @since 1.56.0 Additional data may be added via filter `jetpack_connection_validate_urls_for_idc_mitigation_response`.
*
* @return array
*/
public function validate_urls_for_idc_mitigation() {
$response = array(
'home' => Urls::home_url(),
'siteurl' => Urls::site_url(),
);
/**
* Allows modifying the response.
*
* @since 1.56.0
*
* @param array $response
*/
return apply_filters( 'jetpack_connection_validate_urls_for_idc_mitigation_response', $response );
}
/**
* Updates the attachment parent object.
*
* @param array $args attachment and parent identifiers.
*/
public function update_attachment_parent( $args ) {
$attachment_id = (int) $args[0];
$parent_id = (int) $args[1];
return wp_update_post(
array(
'ID' => $attachment_id,
'post_parent' => $parent_id,
)
);
}
/**
* Deprecated: This method is no longer part of the Connection package and now lives on the Jetpack plugin.
*
* Disconnect this blog from the connected wordpress.com account
*
* @deprecated since 1.25.0
* @see Jetpack_XMLRPC_Methods::disconnect_blog() in the Jetpack plugin
*
* @return boolean
*/
public function disconnect_blog() {
_deprecated_function( __METHOD__, '1.25.0', 'Jetpack_XMLRPC_Methods::disconnect_blog()' );
if ( class_exists( 'Jetpack_XMLRPC_Methods' ) ) {
return Jetpack_XMLRPC_Methods::disconnect_blog();
}
return false;
}
/**
* Deprecated: This method is no longer part of the Connection package and now lives on the Jetpack plugin.
*
* Returns what features are available. Uses the slug of the module files.
*
* @deprecated since 1.25.0
* @see Jetpack_XMLRPC_Methods::features_available() in the Jetpack plugin
*
* @return array
*/
public function features_available() {
_deprecated_function( __METHOD__, '1.25.0', 'Jetpack_XMLRPC_Methods::features_available()' );
if ( class_exists( 'Jetpack_XMLRPC_Methods' ) ) {
return Jetpack_XMLRPC_Methods::features_available();
}
return array();
}
/**
* Deprecated: This method is no longer part of the Connection package and now lives on the Jetpack plugin.
*
* Returns what features are enabled. Uses the slug of the modules files.
*
* @deprecated since 1.25.0
* @see Jetpack_XMLRPC_Methods::features_enabled() in the Jetpack plugin
*
* @return array
*/
public function features_enabled() {
_deprecated_function( __METHOD__, '1.25.0', 'Jetpack_XMLRPC_Methods::features_enabled()' );
if ( class_exists( 'Jetpack_XMLRPC_Methods' ) ) {
return Jetpack_XMLRPC_Methods::features_enabled();
}
return array();
}
/**
* Deprecated: This method is no longer part of the Connection package and now lives on the Jetpack plugin.
*
* Serve a JSON API request.
*
* @deprecated since 1.25.0
* @see Jetpack_XMLRPC_Methods::json_api() in the Jetpack plugin
*
* @param array $args request arguments.
*/
public function json_api( $args = array() ) {
_deprecated_function( __METHOD__, '1.25.0', 'Jetpack_XMLRPC_Methods::json_api()' );
if ( class_exists( 'Jetpack_XMLRPC_Methods' ) ) {
return Jetpack_XMLRPC_Methods::json_api( $args );
}
return array();
}
}

501
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/src/class-client.php
View File

@ -1,501 +0,0 @@
<?php
/**
* The Connection Client class file.
*
* @package automattic/jetpack-connection
*/
namespace Automattic\Jetpack\Connection;
use Automattic\Jetpack\Constants;
/**
* The Client class that is used to connect to WordPress.com Jetpack API.
*/
class Client {
const WPCOM_JSON_API_VERSION = '1.1';
/**
* Makes an authorized remote request using Jetpack_Signature
*
* @param array $args the arguments for the remote request.
* @param array|String $body the request body.
* @return array|WP_Error WP HTTP response on success
*/
public static function remote_request( $args, $body = null ) {
if ( isset( $args['url'] ) ) {
/**
* Filters the remote request url.
*
* @since 1.30.12
*
* @param string The remote request url.
*/
$args['url'] = apply_filters( 'jetpack_remote_request_url', $args['url'] );
}
$result = self::build_signed_request( $args, $body );
if ( ! $result || is_wp_error( $result ) ) {
return $result;
}
$response = self::_wp_remote_request( $result['url'], $result['request'] );
Error_Handler::get_instance()->check_api_response_for_errors(
$response,
$result['auth'],
empty( $args['url'] ) ? '' : $args['url'],
empty( $args['method'] ) ? 'POST' : $args['method'],
'rest'
);
/**
* Fired when the remote request response has been received.
*
* @since 1.30.8
*
* @param array|WP_Error The HTTP response.
*/
do_action( 'jetpack_received_remote_request_response', $response );
return $response;
}
/**
* Adds authorization signature to a remote request using Jetpack_Signature
*
* @param array $args the arguments for the remote request.
* @param array|String $body the request body.
* @return WP_Error|array {
* An array containing URL and request items.
*
* @type String $url The request URL.
* @type array $request Request arguments.
* @type array $auth Authorization data.
* }
*/
public static function build_signed_request( $args, $body = null ) {
add_filter(
'jetpack_constant_default_value',
__NAMESPACE__ . '\Utils::jetpack_api_constant_filter',
10,
2
);
$defaults = array(
'url' => '',
'user_id' => 0,
'blog_id' => 0,
'auth_location' => Constants::get_constant( 'JETPACK_CLIENT__AUTH_LOCATION' ),
'method' => 'POST',
'format' => 'json',
'timeout' => 10,
'redirection' => 0,
'headers' => array(),
'stream' => false,
'filename' => null,
'sslverify' => true,
);
$args = wp_parse_args( $args, $defaults );
$args['blog_id'] = (int) $args['blog_id'];
if ( 'header' !== $args['auth_location'] ) {
$args['auth_location'] = 'query_string';
}
$token = ( new Tokens() )->get_access_token( $args['user_id'] );
if ( ! $token ) {
return new \WP_Error( 'missing_token' );
}
$method = strtoupper( $args['method'] );
$timeout = (int) $args['timeout'];
$redirection = $args['redirection'];
$stream = $args['stream'];
$filename = $args['filename'];
$sslverify = $args['sslverify'];
$request = compact( 'method', 'body', 'timeout', 'redirection', 'stream', 'filename', 'sslverify' );
@list( $token_key, $secret ) = explode( '.', $token->secret ); // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged
if ( empty( $token ) || empty( $secret ) ) {
return new \WP_Error( 'malformed_token' );
}
$token_key = sprintf(
'%s:%d:%d',
$token_key,
Constants::get_constant( 'JETPACK__API_VERSION' ),
$token->external_user_id
);
$time_diff = (int) \Jetpack_Options::get_option( 'time_diff' );
$jetpack_signature = new \Jetpack_Signature( $token->secret, $time_diff );
$timestamp = time() + $time_diff;
if ( function_exists( 'wp_generate_password' ) ) {
$nonce = wp_generate_password( 10, false );
} else {
$nonce = substr( sha1( wp_rand( 0, 1000000 ) ), 0, 10 );
}
// Kind of annoying. Maybe refactor Jetpack_Signature to handle body-hashing.
if ( $body === null ) {
$body_hash = '';
} else {
// Allow arrays to be used in passing data.
$body_to_hash = $body;
if ( $args['format'] === 'jsonl' ) {
parse_str( $body, $body_to_hash );
}
if ( is_array( $body_to_hash ) ) {
// We cast this to a new variable, because the array form of $body needs to be
// maintained so it can be passed into the request later on in the code.
if ( array() !== $body_to_hash ) {
$body_to_hash = wp_json_encode( self::_stringify_data( $body_to_hash ) );
} else {
$body_to_hash = '';
}
}
if ( ! is_string( $body_to_hash ) ) {
return new \WP_Error( 'invalid_body', 'Body is malformed.' );
}
$body_hash = base64_encode( sha1( $body_to_hash, true ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode
}
$auth = array(
'token' => $token_key,
'timestamp' => $timestamp,
'nonce' => $nonce,
'body-hash' => $body_hash,
);
if ( false !== strpos( $args['url'], 'xmlrpc.php' ) ) {
$url_args = array(
'for' => 'jetpack',
'wpcom_blog_id' => \Jetpack_Options::get_option( 'id' ),
);
} else {
$url_args = array();
}
if ( 'header' !== $args['auth_location'] ) {
$url_args += $auth;
}
$url = add_query_arg( urlencode_deep( $url_args ), $args['url'] );
$signature = $jetpack_signature->sign_request( $token_key, $timestamp, $nonce, $body_hash, $method, $url, $body, false );
if ( ! $signature || is_wp_error( $signature ) ) {
return $signature;
}
// Send an Authorization header so various caches/proxies do the right thing.
$auth['signature'] = $signature;
$auth['version'] = Constants::get_constant( 'JETPACK__VERSION' );
$header_pieces = array();
foreach ( $auth as $key => $value ) {
$header_pieces[] = sprintf( '%s="%s"', $key, $value );
}
$request['headers'] = array_merge(
$args['headers'],
array(
'Authorization' => 'X_JETPACK ' . implode( ' ', $header_pieces ),
)
);
if ( 'header' !== $args['auth_location'] ) {
$url = add_query_arg( 'signature', rawurlencode( $signature ), $url );
}
return compact( 'url', 'request', 'auth' );
}
/**
* Wrapper for wp_remote_request(). Turns off SSL verification for certain SSL errors.
* This is lame, but many, many, many hosts have misconfigured SSL.
*
* When Jetpack is registered, the jetpack_fallback_no_verify_ssl_certs option is set to the current time if:
* 1. a certificate error is found AND
* 2. not verifying the certificate works around the problem.
*
* The option is checked on each request.
*
* @internal
*
* @param String $url the request URL.
* @param array $args request arguments.
* @param Boolean $set_fallback whether to allow flagging this request to use a fallback certficate override.
* @return array|WP_Error WP HTTP response on success
*/
public static function _wp_remote_request( $url, $args, $set_fallback = false ) { // phpcs:ignore PSR2.Methods.MethodDeclaration.Underscore
$fallback = \Jetpack_Options::get_option( 'fallback_no_verify_ssl_certs' );
if ( false === $fallback ) {
\Jetpack_Options::update_option( 'fallback_no_verify_ssl_certs', 0 );
}
/**
* SSL verification (`sslverify`) for the JetpackClient remote request
* defaults to off, use this filter to force it on.
*
* Return `true` to ENABLE SSL verification, return `false`
* to DISABLE SSL verification.
*
* @since 1.7.0
* @since-jetpack 3.6.0
*
* @param bool Whether to force `sslverify` or not.
*/
if ( apply_filters( 'jetpack_client_verify_ssl_certs', false ) ) {
return wp_remote_request( $url, $args );
}
if ( (int) $fallback ) {
// We're flagged to fallback.
$args['sslverify'] = false;
}
$response = wp_remote_request( $url, $args );
if (
! $set_fallback // We're not allowed to set the flag on this request, so whatever happens happens.
||
isset( $args['sslverify'] ) && ! $args['sslverify'] // No verification - no point in doing it again.
||
! is_wp_error( $response ) // Let it ride.
) {
self::set_time_diff( $response, $set_fallback );
return $response;
}
// At this point, we're not flagged to fallback and we are allowed to set the flag on this request.
$message = $response->get_error_message();
// Is it an SSL Certificate verification error?
if (
false === strpos( $message, '14090086' ) // OpenSSL SSL3 certificate error.
&&
false === strpos( $message, '1407E086' ) // OpenSSL SSL2 certificate error.
&&
false === strpos( $message, 'error setting certificate verify locations' ) // cURL CA bundle not found.
&&
false === strpos( $message, 'Peer certificate cannot be authenticated with' ) // cURL CURLE_SSL_CACERT: CA bundle found, but not helpful
// Different versions of curl have different error messages
// this string should catch them all.
&&
false === strpos( $message, 'Problem with the SSL CA cert' ) // cURL CURLE_SSL_CACERT_BADFILE: probably access rights.
) {
// No, it is not.
return $response;
}
// Redo the request without SSL certificate verification.
$args['sslverify'] = false;
$response = wp_remote_request( $url, $args );
if ( ! is_wp_error( $response ) ) {
// The request went through this time, flag for future fallbacks.
\Jetpack_Options::update_option( 'fallback_no_verify_ssl_certs', time() );
self::set_time_diff( $response, $set_fallback );
}
return $response;
}
/**
* Sets the time difference for correct signature computation.
*
* @param HTTP_Response $response the response object.
* @param Boolean $force_set whether to force setting the time difference.
*/
public static function set_time_diff( &$response, $force_set = false ) {
$code = wp_remote_retrieve_response_code( $response );
// Only trust the Date header on some responses.
if ( 200 != $code && 304 != $code && 400 != $code && 401 != $code ) { // phpcs:ignore Universal.Operators.StrictComparisons.LooseNotEqual
return;
}
$date = wp_remote_retrieve_header( $response, 'date' );
if ( ! $date ) {
return;
}
$time = (int) strtotime( $date );
if ( 0 >= $time ) {
return;
}
$time_diff = $time - time();
if ( $force_set ) { // During register.
\Jetpack_Options::update_option( 'time_diff', $time_diff );
} else { // Otherwise.
$old_diff = \Jetpack_Options::get_option( 'time_diff' );
if ( false === $old_diff || abs( $time_diff - (int) $old_diff ) > 10 ) {
\Jetpack_Options::update_option( 'time_diff', $time_diff );
}
}
}
/**
* Validate and build arguments for a WordPress.com REST API request.
*
* @param string $path REST API path.
* @param string $version REST API version. Default is `2`.
* @param array $args Arguments to {@see WP_Http}. Default is `array()`.
* @param string $base_api_path REST API root. Default is `wpcom`.
*
* @return array|WP_Error $response Response data, else {@see WP_Error} on failure.
*/
public static function validate_args_for_wpcom_json_api_request(
$path,
$version = '2',
$args = array(),
$base_api_path = 'wpcom'
) {
$base_api_path = trim( $base_api_path, '/' );
$version = ltrim( $version, 'v' );
$path = ltrim( $path, '/' );
$filtered_args = array_intersect_key(
$args,
array(
'headers' => 'array',
'method' => 'string',
'format' => 'string',
'timeout' => 'int',
'redirection' => 'int',
'stream' => 'boolean',
'filename' => 'string',
'sslverify' => 'boolean',
)
);
// Use GET by default whereas `remote_request` uses POST.
$request_method = isset( $filtered_args['method'] ) ? strtoupper( $filtered_args['method'] ) : 'GET';
$url = sprintf(
'%s/%s/v%s/%s',
Constants::get_constant( 'JETPACK__WPCOM_JSON_API_BASE' ),
$base_api_path,
$version,
$path
);
$validated_args = array_merge(
$filtered_args,
array(
'url' => $url,
'method' => $request_method,
)
);
return $validated_args;
}
/**
* Queries the WordPress.com REST API with a user token.
*
* @param string $path REST API path.
* @param string $version REST API version. Default is `2`.
* @param array $args Arguments to {@see WP_Http}. Default is `array()`.
* @param string $body Body passed to {@see WP_Http}. Default is `null`.
* @param string $base_api_path REST API root. Default is `wpcom`.
*
* @return array|WP_Error $response Response data, else {@see WP_Error} on failure.
*/
public static function wpcom_json_api_request_as_user(
$path,
$version = '2',
$args = array(),
$body = null,
$base_api_path = 'wpcom'
) {
$args = self::validate_args_for_wpcom_json_api_request( $path, $version, $args, $base_api_path );
$args['user_id'] = get_current_user_id();
if ( isset( $body ) && ! isset( $args['headers'] ) && in_array( $args['method'], array( 'POST', 'PUT', 'PATCH' ), true ) ) {
$args['headers'] = array( 'Content-Type' => 'application/json' );
}
if ( isset( $body ) && ! is_string( $body ) ) {
$body = wp_json_encode( $body );
}
return self::remote_request( $args, $body );
}
/**
* Query the WordPress.com REST API using the blog token
*
* @param String $path The API endpoint relative path.
* @param String $version The API version.
* @param array $args Request arguments.
* @param String $body Request body.
* @param String $base_api_path (optional) the API base path override, defaults to 'rest'.
* @return array|WP_Error $response Data.
*/
public static function wpcom_json_api_request_as_blog(
$path,
$version = self::WPCOM_JSON_API_VERSION,
$args = array(),
$body = null,
$base_api_path = 'rest'
) {
$validated_args = self::validate_args_for_wpcom_json_api_request( $path, $version, $args, $base_api_path );
$validated_args['blog_id'] = (int) \Jetpack_Options::get_option( 'id' );
// For Simple sites get the response directly without any HTTP requests.
if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
add_filter( 'is_jetpack_authorized_for_site', '__return_true' );
require_lib( 'wpcom-api-direct' );
return \WPCOM_API_Direct::do_request( $validated_args, $body );
}
return self::remote_request( $validated_args, $body );
}
/**
* Takes an array or similar structure and recursively turns all values into strings. This is used to
* make sure that body hashes are made ith the string version, which is what will be seen after a
* server pulls up the data in the $_POST array.
*
* @param array|Mixed $data the data that needs to be stringified.
*
* @return array|string
*/
public static function _stringify_data( $data ) { // phpcs:ignore PSR2.Methods.MethodDeclaration.Underscore
// Booleans are special, lets just makes them and explicit 1/0 instead of the 0 being an empty string.
if ( is_bool( $data ) ) {
return $data ? '1' : '0';
}
// Cast objects into arrays.
if ( is_object( $data ) ) {
$data = (array) $data;
}
// Non arrays at this point should be just converted to strings.
if ( ! is_array( $data ) ) {
return (string) $data;
}
foreach ( $data as &$value ) {
$value = self::_stringify_data( $value );
}
return $data;
}
}

243
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/src/class-connection-notice.php
View File

@ -1,243 +0,0 @@
<?php
/**
* Admin connection notices.
*
* @package automattic/jetpack-admin-ui
*/
namespace Automattic\Jetpack\Connection;
use Automattic\Jetpack\Redirect;
use Automattic\Jetpack\Tracking;
/**
* Admin connection notices.
*/
class Connection_Notice {
/**
* Whether the class has been initialized.
*
* @var bool
*/
private static $is_initialized = false;
/**
* The constructor.
*/
public function __construct() {
if ( ! static::$is_initialized ) {
add_action( 'current_screen', array( $this, 'initialize_notices' ) );
static::$is_initialized = true;
}
}
/**
* Initialize the notices if needed.
*
* @param \WP_Screen $screen WP Core's screen object.
*
* @return void
*/
public function initialize_notices( $screen ) {
if ( ! in_array(
$screen->id,
array(
'jetpack_page_akismet-key-config',
'admin_page_jetpack_modules',
),
true
) ) {
add_action( 'admin_notices', array( $this, 'delete_user_update_connection_owner_notice' ) );
}
}
/**
* This is an entire admin notice dedicated to messaging and handling of the case where a user is trying to delete
* the connection owner.
*/
public function delete_user_update_connection_owner_notice() {
global $current_screen;
/*
* phpcs:disable WordPress.Security.NonceVerification.Recommended
*
* This function is firing within wp-admin and checks (below) if it is in the midst of a deletion on the users
* page. Nonce will be already checked by WordPress, so we do not need to check ourselves.
*/
if ( ! isset( $current_screen->base ) || 'users' !== $current_screen->base ) {
return;
}
if ( ! isset( $_REQUEST['action'] ) || 'delete' !== $_REQUEST['action'] ) {
return;
}
// Get connection owner or bail.
$connection_manager = new Manager();
$connection_owner_id = $connection_manager->get_connection_owner_id();
if ( ! $connection_owner_id ) {
return;
}
$connection_owner_userdata = get_userdata( $connection_owner_id );
// Bail if we're not trying to delete connection owner.
$user_ids_to_delete = array();
if ( isset( $_REQUEST['users'] ) ) {
$user_ids_to_delete = array_map( 'sanitize_text_field', wp_unslash( $_REQUEST['users'] ) );
} elseif ( isset( $_REQUEST['user'] ) ) {
$user_ids_to_delete[] = sanitize_text_field( wp_unslash( $_REQUEST['user'] ) );
}
// phpcs:enable
$user_ids_to_delete = array_map( 'absint', $user_ids_to_delete );
$deleting_connection_owner = in_array( $connection_owner_id, (array) $user_ids_to_delete, true );
if ( ! $deleting_connection_owner ) {
return;
}
// Bail if they're trying to delete themselves to avoid confusion.
if ( get_current_user_id() === $connection_owner_id ) {
return;
}
$tracking = new Tracking();
// Track it!
if ( method_exists( $tracking, 'record_user_event' ) ) {
$tracking->record_user_event( 'delete_connection_owner_notice_view' );
}
$connected_admins = $connection_manager->get_connected_users( 'jetpack_disconnect' );
$user = is_a( $connection_owner_userdata, 'WP_User' ) ? esc_html( $connection_owner_userdata->data->user_login ) : '';
echo "<div class='notice notice-warning' id='jetpack-notice-switch-connection-owner'>";
echo '<h2>' . esc_html__( 'Important notice about your Jetpack connection:', 'jetpack-connection' ) . '</h2>';
echo '<p>' . sprintf(
/* translators: WordPress User, if available. */
esc_html__( 'Warning! You are about to delete the Jetpack connection owner (%s) for this site, which may cause some of your Jetpack features to stop working.', 'jetpack-connection' ),
esc_html( $user )
) . '</p>';
if ( ! empty( $connected_admins ) && count( $connected_admins ) > 1 ) {
echo '<form id="jp-switch-connection-owner" action="" method="post">';
echo "<label for='owner'>" . esc_html__( 'You can choose to transfer connection ownership to one of these already-connected admins:', 'jetpack-connection' ) . ' </label>';
$connected_admin_ids = array_map(
function ( $connected_admin ) {
return $connected_admin->ID;
},
$connected_admins
);
wp_dropdown_users(
array(
'name' => 'owner',
'include' => array_diff( $connected_admin_ids, array( $connection_owner_id ) ),
'show' => 'display_name_with_login',
)
);
echo '<p>';
submit_button( esc_html__( 'Set new connection owner', 'jetpack-connection' ), 'primary', 'jp-switch-connection-owner-submit', false );
echo '</p>';
echo "<div id='jp-switch-user-results'></div>";
echo '</form>';
?>
<script type="text/javascript">
( function() {
const switchOwnerButton = document.getElementById('jp-switch-connection-owner');
if ( ! switchOwnerButton ) {
return;
}
switchOwnerButton.addEventListener( 'submit', function ( e ) {
e.preventDefault();
const submitBtn = document.getElementById('jp-switch-connection-owner-submit');
submitBtn.disabled = true;
const results = document.getElementById('jp-switch-user-results');
results.innerHTML = '';
results.classList.remove( 'error-message' );
const handleAPIError = ( message ) => {
submitBtn.disabled = false;
results.classList.add( 'error-message' );
results.innerHTML = message || "<?php esc_html_e( 'Something went wrong. Please try again.', 'jetpack-connection' ); ?>";
}
fetch(
<?php echo wp_json_encode( esc_url_raw( get_rest_url() . 'jetpack/v4/connection/owner' ), JSON_HEX_TAG | JSON_HEX_AMP ); ?>,
{
method: 'POST',
headers: {
'X-WP-Nonce': <?php echo wp_json_encode( wp_create_nonce( 'wp_rest' ), JSON_HEX_TAG | JSON_HEX_AMP ); ?>,
},
body: new URLSearchParams( new FormData( this ) ),
}
)
.then( response => response.json() )
.then( data => {
if ( data.hasOwnProperty( 'code' ) && data.code === 'success' ) {
// Owner successfully changed.
results.innerHTML = <?php echo wp_json_encode( esc_html__( 'Success!', 'jetpack-connection' ), JSON_HEX_TAG | JSON_HEX_AMP ); ?>;
setTimeout(function () {
document.getElementById( 'jetpack-notice-switch-connection-owner' ).style.display = 'none';
}, 1000);
return;
}
handleAPIError( data?.message );
} )
.catch( () => handleAPIError() );
});
} )();
</script>
<?php
} else {
echo '<p>' . esc_html__( 'Every Jetpack site needs at least one connected admin for the features to work properly. Please connect to your WordPress.com account via the button below. Once you connect, you may refresh this page to see an option to change the connection owner.', 'jetpack-connection' ) . '</p>';
$connect_url = $connection_manager->get_authorization_url();
$connect_url = add_query_arg( 'from', 'delete_connection_owner_notice', $connect_url );
echo "<a href='" . esc_url( $connect_url ) . "' target='_blank' rel='noopener noreferrer' class='button-primary'>" . esc_html__( 'Connect to WordPress.com', 'jetpack-connection' ) . '</a>';
}
echo '<p>';
printf(
wp_kses(
/* translators: URL to Jetpack support doc regarding the primary user. */
__( "<a href='%s' target='_blank' rel='noopener noreferrer'>Learn more</a> about the connection owner and what will break if you do not have one.", 'jetpack-connection' ),
array(
'a' => array(
'href' => true,
'target' => true,
'rel' => true,
),
)
),
esc_url( Redirect::get_url( 'jetpack-support-primary-user' ) )
);
echo '</p>';
echo '<p>';
printf(
wp_kses(
/* translators: URL to contact Jetpack support. */
__( 'As always, feel free to <a href="%s" target="_blank" rel="noopener noreferrer">contact our support team</a> if you have any questions.', 'jetpack-connection' ),
array(
'a' => array(
'href' => true,
'target' => true,
'rel' => true,
),
)
),
esc_url( Redirect::get_url( 'jetpack-contact-support' ) )
);
echo '</p>';
echo '</div>';
}
}

775
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/src/class-error-handler.php
View File

@ -1,775 +0,0 @@
<?php
/**
* The Jetpack Connection error class file.
*
* @package automattic/jetpack-connection
*/
namespace Automattic\Jetpack\Connection;
/**
* The Jetpack Connection Errors that handles errors
*
* This class handles the following workflow:
*
* 1. A XML-RCP request with an invalid signature triggers a error
* 2. Applies a gate to only process each error code once an hour to avoid overflow
* 3. It stores the error on the database, but we don't know yet if this is a valid error, because
* we can't confirm it came from WP.com.
* 4. It encrypts the error details and send it to thw wp.com server
* 5. wp.com checks it and, if valid, sends a new request back to this site using the verify_xml_rpc_error REST endpoint
* 6. This endpoint add this error to the Verified errors in the database
* 7. Triggers a workflow depending on the error (display user an error message, do some self healing, etc.)
*
* Errors are stored in the database as options in the following format:
*
* [
* $error_code => [
* $user_id => [
* $error_details
* ]
* ]
* ]
*
* For each error code we store a maximum of 5 errors for 5 different user ids.
*
* An user ID can be
* * 0 for blog tokens
* * positive integer for user tokens
* * 'invalid' for malformed tokens
*
* @since 1.14.2
*/
class Error_Handler {
/**
* The name of the option that stores the errors
*
* @since 1.14.2
*
* @var string
*/
const STORED_ERRORS_OPTION = 'jetpack_connection_xmlrpc_errors';
/**
* The name of the option that stores the errors
*
* @since 1.14.2
*
* @var string
*/
const STORED_VERIFIED_ERRORS_OPTION = 'jetpack_connection_xmlrpc_verified_errors';
/**
* The prefix of the transient that controls the gate for each error code
*
* @since 1.14.2
*
* @var string
*/
const ERROR_REPORTING_GATE = 'jetpack_connection_error_reporting_gate_';
/**
* Time in seconds a test should live in the database before being discarded
*
* @since 1.14.2
*/
const ERROR_LIFE_TIME = DAY_IN_SECONDS;
/**
* The error code for event tracking purposes.
* If there are many, only the first error code will be tracked.
*
* @var string
*/
private $error_code;
/**
* List of known errors. Only error codes in this list will be handled
*
* @since 1.14.2
*
* @var array
*/
public $known_errors = array(
'malformed_token',
'malformed_user_id',
'unknown_user',
'no_user_tokens',
'empty_master_user_option',
'no_token_for_user',
'token_malformed',
'user_id_mismatch',
'no_possible_tokens',
'no_valid_user_token',
'no_valid_blog_token',
'unknown_token',
'could_not_sign',
'invalid_scheme',
'invalid_secret',
'invalid_token',
'token_mismatch',
'invalid_body',
'invalid_signature',
'invalid_body_hash',
'invalid_nonce',
'signature_mismatch',
'invalid_connection_owner',
);
/**
* Holds the instance of this singleton class
*
* @since 1.14.2
*
* @var Error_Handler $instance
*/
public static $instance = null;
/**
* Initialize instance, hookds and load verified errors handlers
*
* @since 1.14.2
*/
private function __construct() {
defined( 'JETPACK__ERRORS_PUBLIC_KEY' ) || define( 'JETPACK__ERRORS_PUBLIC_KEY', 'KdZY80axKX+nWzfrOcizf0jqiFHnrWCl9X8yuaClKgM=' );
add_action( 'rest_api_init', array( $this, 'register_verify_error_endpoint' ) );
$this->handle_verified_errors();
// If the site gets reconnected, clear errors.
add_action( 'jetpack_site_registered', array( $this, 'delete_all_errors' ) );
add_action( 'jetpack_get_site_data_success', array( $this, 'delete_all_api_errors' ) );
add_filter( 'jetpack_connection_disconnect_site_wpcom', array( $this, 'delete_all_errors_and_return_unfiltered_value' ) );
add_filter( 'jetpack_connection_delete_all_tokens', array( $this, 'delete_all_errors_and_return_unfiltered_value' ) );
add_action( 'jetpack_unlinked_user', array( $this, 'delete_all_errors' ) );
add_action( 'jetpack_updated_user_token', array( $this, 'delete_all_errors' ) );
}
/**
* Gets the list of verified errors and act upon them
*
* @since 1.14.2
*
* @return void
*/
public function handle_verified_errors() {
$verified_errors = $this->get_verified_errors();
foreach ( array_keys( $verified_errors ) as $error_code ) {
switch ( $error_code ) {
case 'malformed_token':
case 'token_malformed':
case 'no_possible_tokens':
case 'no_valid_user_token':
case 'no_valid_blog_token':
case 'unknown_token':
case 'could_not_sign':
case 'invalid_token':
case 'token_mismatch':
case 'invalid_signature':
case 'signature_mismatch':
case 'no_user_tokens':
case 'no_token_for_user':
case 'invalid_connection_owner':
add_action( 'admin_notices', array( $this, 'generic_admin_notice_error' ) );
add_action( 'react_connection_errors_initial_state', array( $this, 'jetpack_react_dashboard_error' ) );
$this->error_code = $error_code;
// Since we are only generically handling errors, we don't need to trigger error messages for each one of them.
break 2;
}
}
}
/**
* Gets the instance of this singleton class
*
* @since 1.14.2
*
* @return Error_Handler $instance
*/
public static function get_instance() {
if ( self::$instance === null ) {
self::$instance = new self();
}
return self::$instance;
}
/**
* Keep track of a connection error that was encountered
*
* @param \WP_Error $error The error object.
* @param boolean $force Force the report, even if should_report_error is false.
* @param boolean $skip_wpcom_verification Set to 'true' to verify the error locally and skip the WP.com verification.
*
* @return void
* @since 1.14.2
*/
public function report_error( \WP_Error $error, $force = false, $skip_wpcom_verification = false ) {
if ( in_array( $error->get_error_code(), $this->known_errors, true ) && $this->should_report_error( $error ) || $force ) {
$stored_error = $this->store_error( $error );
if ( $stored_error ) {
$skip_wpcom_verification ? $this->verify_error( $stored_error ) : $this->send_error_to_wpcom( $stored_error );
}
}
}
/**
* Checks the status of the gate
*
* This protects the site (and WPCOM) against over loads.
*
* @since 1.14.2
*
* @param \WP_Error $error the error object.
* @return boolean $should_report True if gate is open and the error should be reported.
*/
public function should_report_error( \WP_Error $error ) {
if ( defined( 'JETPACK_DEV_DEBUG' ) && JETPACK_DEV_DEBUG ) {
return true;
}
/**
* Whether to bypass the gate for the error handling
*
* By default, we only process errors once an hour for each error code.
* This is done to avoid overflows. If you need to disable this gate, you can set this variable to true.
*
* This filter is useful for unit testing
*
* @since 1.14.2
*
* @param boolean $bypass_gate whether to bypass the gate. Default is false, do not bypass.
*/
$bypass_gate = apply_filters( 'jetpack_connection_bypass_error_reporting_gate', false );
if ( true === $bypass_gate ) {
return true;
}
$transient = self::ERROR_REPORTING_GATE . $error->get_error_code();
if ( get_transient( $transient ) ) {
return false;
}
set_transient( $transient, true, HOUR_IN_SECONDS );
return true;
}
/**
* Stores the error in the database so we know there is an issue and can inform the user
*
* @since 1.14.2
*
* @param \WP_Error $error the error object.
* @return boolean|array False if stored errors were not updated and the error array if it was successfully stored.
*/
public function store_error( \WP_Error $error ) {
$stored_errors = $this->get_stored_errors();
$error_array = $this->wp_error_to_array( $error );
$error_code = $error->get_error_code();
$user_id = $error_array['user_id'];
if ( ! isset( $stored_errors[ $error_code ] ) || ! is_array( $stored_errors[ $error_code ] ) ) {
$stored_errors[ $error_code ] = array();
}
$stored_errors[ $error_code ][ $user_id ] = $error_array;
// Let's store a maximum of 5 different user ids for each error code.
$error_code_count = is_countable( $stored_errors[ $error_code ] ) ? count( $stored_errors[ $error_code ] ) : 0;
if ( $error_code_count > 5 ) {
// array_shift will destroy keys here because they are numeric, so manually remove first item.
$keys = array_keys( $stored_errors[ $error_code ] );
unset( $stored_errors[ $error_code ][ $keys[0] ] );
}
if ( update_option( self::STORED_ERRORS_OPTION, $stored_errors ) ) {
return $error_array;
}
return false;
}
/**
* Converts a WP_Error object in the array representation we store in the database
*
* @since 1.14.2
*
* @param \WP_Error $error the error object.
* @return boolean|array False if error is invalid or the error array
*/
public function wp_error_to_array( \WP_Error $error ) {
$data = $error->get_error_data();
if ( ! isset( $data['signature_details'] ) || ! is_array( $data['signature_details'] ) ) {
return false;
}
$signature_details = $data['signature_details'];
if ( ! isset( $signature_details['token'] ) ) {
return false;
}
$user_id = $this->get_user_id_from_token( $signature_details['token'] );
$error_array = array(
'error_code' => $error->get_error_code(),
'user_id' => $user_id,
'error_message' => $error->get_error_message(),
'error_data' => $signature_details,
'timestamp' => time(),
'nonce' => wp_generate_password( 10, false ),
'error_type' => empty( $data['error_type'] ) ? '' : $data['error_type'],
);
return $error_array;
}
/**
* Sends the error to WP.com to be verified
*
* @since 1.14.2
*
* @param array $error_array The array representation of the error as it is stored in the database.
* @return bool
*/
public function send_error_to_wpcom( $error_array ) {
$blog_id = \Jetpack_Options::get_option( 'id' );
$encrypted_data = $this->encrypt_data_to_wpcom( $error_array );
if ( false === $encrypted_data ) {
return false;
}
$args = array(
'body' => array(
'error_data' => $encrypted_data,
),
);
// send encrypted data to WP.com Public-API v2.
wp_remote_post( "https://public-api.wordpress.com/wpcom/v2/sites/{$blog_id}/jetpack-report-error/", $args );
return true;
}
/**
* Encrypt data to be sent over to WP.com
*
* @since 1.14.2
*
* @param array|string $data the data to be encoded.
* @return boolean|string The encoded string on success, false on failure
*/
public function encrypt_data_to_wpcom( $data ) {
try {
// phpcs:disable WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode
// phpcs:disable WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode
$encrypted_data = base64_encode( sodium_crypto_box_seal( wp_json_encode( $data ), base64_decode( JETPACK__ERRORS_PUBLIC_KEY ) ) );
// phpcs:enable WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode
// phpcs:enable WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode
} catch ( \SodiumException $e ) {
// error encrypting data.
return false;
}
return $encrypted_data;
}
/**
* Extracts the user ID from a token
*
* @since 1.14.2
*
* @param string $token the token used to make the request.
* @return string $the user id or `invalid` if user id not present.
*/
public function get_user_id_from_token( $token ) {
$user_id = 'invalid';
if ( $token ) {
$parsed_token = explode( ':', wp_unslash( $token ) );
if ( isset( $parsed_token[2] ) && ctype_digit( $parsed_token[2] ) ) {
$user_id = $parsed_token[2];
}
}
return $user_id;
}
/**
* Gets the reported errors stored in the database
*
* @since 1.14.2
*
* @return array $errors
*/
public function get_stored_errors() {
$stored_errors = get_option( self::STORED_ERRORS_OPTION );
if ( ! is_array( $stored_errors ) ) {
$stored_errors = array();
}
$stored_errors = $this->garbage_collector( $stored_errors );
return $stored_errors;
}
/**
* Gets the verified errors stored in the database
*
* @since 1.14.2
*
* @return array $errors
*/
public function get_verified_errors() {
$verified_errors = get_option( self::STORED_VERIFIED_ERRORS_OPTION );
if ( ! is_array( $verified_errors ) ) {
$verified_errors = array();
}
$verified_errors = $this->garbage_collector( $verified_errors );
return $verified_errors;
}
/**
* Removes expired errors from the array
*
* This method is called by get_stored_errors and get_verified errors and filters their result
* Whenever a new error is stored to the database or verified, this will be triggered and the
* expired error will be permantently removed from the database
*
* @since 1.14.2
*
* @param array $errors array of errors as stored in the database.
* @return array
*/
private function garbage_collector( $errors ) {
foreach ( $errors as $error_code => $users ) {
foreach ( $users as $user_id => $error ) {
if ( self::ERROR_LIFE_TIME < time() - (int) $error['timestamp'] ) {
unset( $errors[ $error_code ][ $user_id ] );
}
}
}
// Clear empty error codes.
$errors = array_filter(
$errors,
function ( $user_errors ) {
return ! empty( $user_errors );
}
);
return $errors;
}
/**
* Delete all stored and verified errors from the database
*
* @since 1.14.2
*
* @return void
*/
public function delete_all_errors() {
$this->delete_stored_errors();
$this->delete_verified_errors();
}
/**
* Delete all stored and verified API errors from the database, leave the non-API errors intact.
*
* @since 1.54.0
*
* @return void
*/
public function delete_all_api_errors() {
$type_filter = function ( $errors ) {
if ( is_array( $errors ) ) {
foreach ( $errors as $key => $error ) {
if ( ! empty( $error['error_type'] ) && in_array( $error['error_type'], array( 'xmlrpc', 'rest' ), true ) ) {
unset( $errors[ $key ] );
}
}
}
return count( $errors ) ? $errors : null;
};
$stored_errors = $this->get_stored_errors();
if ( is_array( $stored_errors ) && count( $stored_errors ) ) {
$stored_errors = array_filter( array_map( $type_filter, $stored_errors ) );
if ( count( $stored_errors ) ) {
update_option( static::STORED_ERRORS_OPTION, $stored_errors );
} else {
delete_option( static::STORED_ERRORS_OPTION );
}
}
$verified_errors = $this->get_verified_errors();
if ( is_array( $verified_errors ) && count( $verified_errors ) ) {
$verified_errors = array_filter( array_map( $type_filter, $verified_errors ) );
if ( count( $verified_errors ) ) {
update_option( static::STORED_VERIFIED_ERRORS_OPTION, $verified_errors );
} else {
delete_option( static::STORED_VERIFIED_ERRORS_OPTION );
}
}
}
/**
* Delete all stored and verified errors from the database and returns unfiltered value
*
* This is used to hook into a couple of filters that expect true to not short circuit the disconnection flow
*
* @since 8.9.0
*
* @param mixed $check The input sent by the filter.
* @return boolean
*/
public function delete_all_errors_and_return_unfiltered_value( $check ) {
$this->delete_all_errors();
return $check;
}
/**
* Delete the reported errors stored in the database
*
* @since 1.14.2
*
* @return boolean True, if option is successfully deleted. False on failure.
*/
public function delete_stored_errors() {
return delete_option( self::STORED_ERRORS_OPTION );
}
/**
* Delete the verified errors stored in the database
*
* @since 1.14.2
*
* @return boolean True, if option is successfully deleted. False on failure.
*/
public function delete_verified_errors() {
return delete_option( self::STORED_VERIFIED_ERRORS_OPTION );
}
/**
* Gets an error based on the nonce
*
* Receives a nonce and finds the related error.
*
* @since 1.14.2
*
* @param string $nonce The nonce created for the error we want to get.
* @return null|array Returns the error array representation or null if error not found.
*/
public function get_error_by_nonce( $nonce ) {
$errors = $this->get_stored_errors();
foreach ( $errors as $user_group ) {
foreach ( $user_group as $error ) {
if ( $error['nonce'] === $nonce ) {
return $error;
}
}
}
return null;
}
/**
* Adds an error to the verified error list
*
* @since 1.14.2
*
* @param array $error The error array, as it was saved in the unverified errors list.
* @return void
*/
public function verify_error( $error ) {
$verified_errors = $this->get_verified_errors();
$error_code = $error['error_code'];
$user_id = $error['user_id'];
if ( ! isset( $verified_errors[ $error_code ] ) ) {
$verified_errors[ $error_code ] = array();
}
$verified_errors[ $error_code ][ $user_id ] = $error;
update_option( self::STORED_VERIFIED_ERRORS_OPTION, $verified_errors );
}
/**
* Register REST API end point for error hanlding.
*
* @since 1.14.2
*
* @return void
*/
public function register_verify_error_endpoint() {
register_rest_route(
'jetpack/v4',
'/verify_xmlrpc_error',
array(
'methods' => \WP_REST_Server::CREATABLE,
'callback' => array( $this, 'verify_xml_rpc_error' ),
'permission_callback' => '__return_true',
'args' => array(
'nonce' => array(
'required' => true,
'type' => 'string',
),
),
)
);
}
/**
* Handles verification that a xml rpc error is legit and came from WordPres.com
*
* @since 1.14.2
*
* @param \WP_REST_Request $request The request sent to the WP REST API.
*
* @return boolean
*/
public function verify_xml_rpc_error( \WP_REST_Request $request ) {
$error = $this->get_error_by_nonce( $request['nonce'] );
if ( $error ) {
$this->verify_error( $error );
return new \WP_REST_Response( true, 200 );
}
return new \WP_REST_Response( false, 200 );
}
/**
* Prints a generic error notice for all connection errors
*
* @since 8.9.0
*
* @return void
*/
public function generic_admin_notice_error() {
// do not add admin notice to the jetpack dashboard.
global $pagenow;
if ( 'admin.php' === $pagenow || isset( $_GET['page'] ) && 'jetpack' === $_GET['page'] ) { // phpcs:ignore
return;
}
if ( ! current_user_can( 'jetpack_connect' ) ) {
return;
}
/**
* Filters the message to be displayed in the admin notices area when there's a connection error.
*
* By default we don't display any errors.
*
* Return an empty value to disable the message.
*
* @since 8.9.0
*
* @param string $message The error message.
* @param array $errors The array of errors. See Automattic\Jetpack\Connection\Error_Handler for details on the array structure.
*/
$message = apply_filters( 'jetpack_connection_error_notice_message', '', $this->get_verified_errors() );
/**
* Fires inside the admin_notices hook just before displaying the error message for a broken connection.
*
* If you want to disable the default message from being displayed, return an emtpy value in the jetpack_connection_error_notice_message filter.
*
* @since 8.9.0
*
* @param array $errors The array of errors. See Automattic\Jetpack\Connection\Error_Handler for details on the array structure.
*/
do_action( 'jetpack_connection_error_notice', $this->get_verified_errors() );
if ( empty( $message ) ) {
return;
}
?>
<div class="notice notice-error is-dismissible jetpack-message jp-connect" style="display:block !important;">
<p><?php echo esc_html( $message ); ?></p>
</div>
<?php
}
/**
* Adds the error message to the Jetpack React Dashboard
*
* @since 8.9.0
*
* @param array $errors The array of errors. See Automattic\Jetpack\Connection\Error_Handler for details on the array structure.
* @return array
*/
public function jetpack_react_dashboard_error( $errors ) {
$errors[] = array(
'code' => 'connection_error',
'message' => __( 'Your connection with WordPress.com seems to be broken. If you\'re experiencing issues, please try reconnecting.', 'jetpack-connection' ),
'action' => 'reconnect',
'data' => array( 'api_error_code' => $this->error_code ),
);
return $errors;
}
/**
* Check REST API response for errors, and report them to WP.com if needed.
*
* @see wp_remote_request() For more information on the $http_response array format.
* @param array|\WP_Error $http_response The response or WP_Error on failure.
* @param array $auth_data Auth data, allowed keys: `token`, `timestamp`, `nonce`, `body-hash`.
* @param string $url Request URL.
* @param string $method Request method.
* @param string $error_type The source of an error: 'xmlrpc' or 'rest'.
*
* @return void
*/
public function check_api_response_for_errors( $http_response, $auth_data, $url, $method, $error_type ) {
if ( 200 === wp_remote_retrieve_response_code( $http_response ) || ! is_array( $auth_data ) || ! $url || ! $method ) {
return;
}
$body_raw = wp_remote_retrieve_body( $http_response );
if ( ! $body_raw ) {
return;
}
$body = json_decode( $body_raw, true );
if ( empty( $body['error'] ) || ( ! is_string( $body['error'] ) && ! is_int( $body['error'] ) ) ) {
return;
}
$error = new \WP_Error(
$body['error'],
empty( $body['message'] ) ? '' : $body['message'],
array(
'signature_details' => array(
'token' => empty( $auth_data['token'] ) ? '' : $auth_data['token'],
'timestamp' => empty( $auth_data['timestamp'] ) ? '' : $auth_data['timestamp'],
'nonce' => empty( $auth_data['nonce'] ) ? '' : $auth_data['nonce'],
'body_hash' => empty( $auth_data['body_hash'] ) ? '' : $auth_data['body_hash'],
'method' => $method,
'url' => $url,
),
'error_type' => in_array( $error_type, array( 'xmlrpc', 'rest' ), true ) ? $error_type : '',
)
);
$this->report_error( $error, false, true );
}
}

252
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/src/class-heartbeat.php
View File

@ -1,252 +0,0 @@
<?php
/**
* Jetpack Heartbeat package.
*
* @package automattic/jetpack-connection
*/
namespace Automattic\Jetpack;
use Jetpack_Options;
use WP_CLI;
/**
* Heartbeat sends a batch of stats to wp.com once a day
*/
class Heartbeat {
/**
* Holds the singleton instance of this class
*
* @since 1.0.0
* @since-jetpack 2.3.3
* @var Heartbeat
*/
private static $instance = false;
/**
* Cronjob identifier
*
* @var string
*/
private $cron_name = 'jetpack_v2_heartbeat';
/**
* Singleton
*
* @since 1.0.0
* @since-jetpack 2.3.3
* @static
* @return Heartbeat
*/
public static function init() {
if ( ! self::$instance ) {
self::$instance = new Heartbeat();
}
return self::$instance;
}
/**
* Constructor for singleton
*
* @since 1.0.0
* @since-jetpack 2.3.3
*/
private function __construct() {
// Schedule the task.
add_action( $this->cron_name, array( $this, 'cron_exec' ) );
if ( ! wp_next_scheduled( $this->cron_name ) ) {
// Deal with the old pre-3.0 weekly one.
$timestamp = wp_next_scheduled( 'jetpack_heartbeat' );
if ( $timestamp ) {
wp_unschedule_event( $timestamp, 'jetpack_heartbeat' );
}
wp_schedule_event( time(), 'daily', $this->cron_name );
}
add_filter( 'jetpack_xmlrpc_unauthenticated_methods', array( __CLASS__, 'jetpack_xmlrpc_methods' ) );
if ( defined( 'WP_CLI' ) && WP_CLI ) {
WP_CLI::add_command( 'jetpack-heartbeat', array( $this, 'cli_callback' ) );
}
}
/**
* Method that gets executed on the wp-cron call
*
* @since 1.0.0
* @since-jetpack 2.3.3
* @global string $wp_version
*/
public function cron_exec() {
$a8c_mc_stats = new A8c_Mc_Stats();
/*
* This should run daily. Figuring in for variances in
* WP_CRON, don't let it run more than every 23 hours at most.
*
* i.e. if it ran less than 23 hours ago, fail out.
*/
$last = (int) Jetpack_Options::get_option( 'last_heartbeat' );
if ( $last && ( $last + DAY_IN_SECONDS - HOUR_IN_SECONDS > time() ) ) {
return;
}
/*
* Check for an identity crisis
*
* If one exists:
* - Bump stat for ID crisis
* - Email site admin about potential ID crisis
*/
// Coming Soon!
foreach ( self::generate_stats_array( 'v2-' ) as $key => $value ) {
if ( is_array( $value ) ) {
foreach ( $value as $v ) {
$a8c_mc_stats->add( $key, (string) $v );
}
} else {
$a8c_mc_stats->add( $key, (string) $value );
}
}
Jetpack_Options::update_option( 'last_heartbeat', time() );
$a8c_mc_stats->do_server_side_stats();
/**
* Fires when we synchronize all registered options on heartbeat.
*
* @since 3.3.0
*/
do_action( 'jetpack_heartbeat' );
}
/**
* Generates heartbeat stats data.
*
* @param string $prefix Prefix to add before stats identifier.
*
* @return array The stats array.
*/
public static function generate_stats_array( $prefix = '' ) {
/**
* This filter is used to build the array of stats that are bumped once a day by Jetpack Heartbeat.
*
* Filter the array and add key => value pairs where
* * key is the stat group name
* * value is the stat name.
*
* Example:
* add_filter( 'jetpack_heartbeat_stats_array', function( $stats ) {
* $stats['is-https'] = is_ssl() ? 'https' : 'http';
* });
*
* This will bump the stats for the 'is-https/https' or 'is-https/http' stat.
*
* @param array $stats The stats to be filtered.
* @param string $prefix The prefix that will automatically be added at the begining at each stat group name.
*/
$stats = apply_filters( 'jetpack_heartbeat_stats_array', array(), $prefix );
$return = array();
// Apply prefix to stats.
foreach ( $stats as $stat => $value ) {
$return[ "$prefix$stat" ] = $value;
}
return $return;
}
/**
* Registers jetpack.getHeartbeatData xmlrpc method
*
* @param array $methods The list of methods to be filtered.
* @return array $methods
*/
public static function jetpack_xmlrpc_methods( $methods ) {
$methods['jetpack.getHeartbeatData'] = array( __CLASS__, 'xmlrpc_data_response' );
return $methods;
}
/**
* Handles the response for the jetpack.getHeartbeatData xmlrpc method
*
* @param array $params The parameters received in the request.
* @return array $params all the stats that heartbeat handles.
*/
public static function xmlrpc_data_response( $params = array() ) {
// The WordPress XML-RPC server sets a default param of array()
// if no argument is passed on the request and the method handlers get this array in $params.
// generate_stats_array() needs a string as first argument.
$params = empty( $params ) ? '' : $params;
return self::generate_stats_array( $params );
}
/**
* Clear scheduled events
*
* @return void
*/
public function deactivate() {
// Deal with the old pre-3.0 weekly one.
$timestamp = wp_next_scheduled( 'jetpack_heartbeat' );
if ( $timestamp ) {
wp_unschedule_event( $timestamp, 'jetpack_heartbeat' );
}
$timestamp = wp_next_scheduled( $this->cron_name );
wp_unschedule_event( $timestamp, $this->cron_name );
}
/**
* Interact with the Heartbeat
*
* ## OPTIONS
*
* inspect (default): Gets the list of data that is going to be sent in the heartbeat and the date/time of the last heartbeat
*
* @param array $args Arguments passed via CLI.
*
* @return void
*/
public function cli_callback( $args ) {
$allowed_args = array(
'inspect',
);
if ( isset( $args[0] ) && ! in_array( $args[0], $allowed_args, true ) ) {
/* translators: %s is a command like "prompt" */
WP_CLI::error( sprintf( __( '%s is not a valid command.', 'jetpack-connection' ), $args[0] ) );
}
$stats = self::generate_stats_array();
$formatted_stats = array();
foreach ( $stats as $stat_name => $bin ) {
$formatted_stats[] = array(
'Stat name' => $stat_name,
'Bin' => $bin,
);
}
WP_CLI\Utils\format_items( 'table', $formatted_stats, array( 'Stat name', 'Bin' ) );
$last_heartbeat = Jetpack_Options::get_option( 'last_heartbeat' );
if ( $last_heartbeat ) {
$last_date = gmdate( 'Y-m-d H:i:s', $last_heartbeat );
/* translators: %s is the full datetime of the last heart beat e.g. 2020-01-01 12:21:23 */
WP_CLI::line( sprintf( __( 'Last heartbeat sent at: %s', 'jetpack-connection' ), $last_date ) );
}
}
}

61
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/src/class-initial-state.php
View File

@ -1,61 +0,0 @@
<?php
/**
* The React initial state.
*
* @package automattic/jetpack-connection
*/
namespace Automattic\Jetpack\Connection;
use Automattic\Jetpack\Status;
/**
* The React initial state.
*/
class Initial_State {
/**
* Get the initial state data.
*
* @return array
*/
private static function get_data() {
global $wp_version;
$status = new Status();
return array(
'apiRoot' => esc_url_raw( rest_url() ),
'apiNonce' => wp_create_nonce( 'wp_rest' ),
'registrationNonce' => wp_create_nonce( 'jetpack-registration-nonce' ),
'connectionStatus' => REST_Connector::connection_status( false ),
'userConnectionData' => REST_Connector::get_user_connection_data( false ),
'connectedPlugins' => REST_Connector::get_connection_plugins( false ),
'wpVersion' => $wp_version,
'siteSuffix' => $status->get_site_suffix(),
'connectionErrors' => Error_Handler::get_instance()->get_verified_errors(),
'isOfflineMode' => $status->is_offline_mode(),
'calypsoEnv' => ( new Status\Host() )->get_calypso_env(),
);
}
/**
* Render the initial state into a JavaScript variable.
*
* @return string
*/
public static function render() {
return 'var JP_CONNECTION_INITIAL_STATE; typeof JP_CONNECTION_INITIAL_STATE === "object" || (JP_CONNECTION_INITIAL_STATE = JSON.parse(decodeURIComponent("' . rawurlencode( wp_json_encode( self::get_data() ) ) . '")));';
}
/**
* Render the initial state using an inline script.
*
* @param string $handle The JS script handle.
*
* @return void
*/
public static function render_script( $handle ) {
wp_add_inline_script( $handle, static::render(), 'before' );
}
}

2596
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/src/class-manager.php
View File

File diff suppressed because it is too large Load Diff

212
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/src/class-nonce-handler.php
View File

@ -1,212 +0,0 @@
<?php
/**
* The nonce handler.
*
* @package automattic/jetpack-connection
*/
namespace Automattic\Jetpack\Connection;
/**
* The nonce handler.
*/
class Nonce_Handler {
/**
* How long the scheduled cleanup can run (in seconds).
* Can be modified using the filter `jetpack_connection_nonce_scheduled_cleanup_limit`.
*/
const SCHEDULED_CLEANUP_TIME_LIMIT = 5;
/**
* How many nonces should be removed per batch during the `clean_all()` run.
*/
const CLEAN_ALL_LIMIT_PER_BATCH = 1000;
/**
* Nonce lifetime in seconds.
*/
const LIFETIME = HOUR_IN_SECONDS;
/**
* The nonces used during the request are stored here to keep them valid.
* The property is static to keep the nonces accessible between the `Nonce_Handler` instances.
*
* @var array
*/
private static $nonces_used_this_request = array();
/**
* The database object.
*
* @var \wpdb
*/
private $db;
/**
* Initializing the object.
*/
public function __construct() {
global $wpdb;
$this->db = $wpdb;
}
/**
* Scheduling the WP-cron cleanup event.
*/
public function init_schedule() {
add_action( 'jetpack_clean_nonces', array( __CLASS__, 'clean_scheduled' ) );
if ( ! wp_next_scheduled( 'jetpack_clean_nonces' ) ) {
wp_schedule_event( time(), 'hourly', 'jetpack_clean_nonces' );
}
}
/**
* Reschedule the WP-cron cleanup event to make it start sooner.
*/
public function reschedule() {
wp_clear_scheduled_hook( 'jetpack_clean_nonces' );
wp_schedule_event( time(), 'hourly', 'jetpack_clean_nonces' );
}
/**
* Adds a used nonce to a list of known nonces.
*
* @param int $timestamp the current request timestamp.
* @param string $nonce the nonce value.
*
* @return bool whether the nonce is unique or not.
*/
public function add( $timestamp, $nonce ) {
if ( isset( static::$nonces_used_this_request[ "$timestamp:$nonce" ] ) ) {
return static::$nonces_used_this_request[ "$timestamp:$nonce" ];
}
// This should always have gone through Jetpack_Signature::sign_request() first to check $timestamp and $nonce.
$timestamp = (int) $timestamp;
$nonce = esc_sql( $nonce );
// Raw query so we can avoid races: add_option will also update.
$show_errors = $this->db->hide_errors();
// Running `try...finally` to make sure that we re-enable errors in case of an exception.
try {
$old_nonce = $this->db->get_row(
$this->db->prepare( "SELECT 1 FROM `{$this->db->options}` WHERE option_name = %s", "jetpack_nonce_{$timestamp}_{$nonce}" )
);
if ( $old_nonce === null ) {
$return = (bool) $this->db->query(
$this->db->prepare(
"INSERT INTO `{$this->db->options}` (`option_name`, `option_value`, `autoload`) VALUES (%s, %s, %s)",
"jetpack_nonce_{$timestamp}_{$nonce}",
time(),
'no'
)
);
} else {
$return = false;
}
} finally {
$this->db->show_errors( $show_errors );
}
static::$nonces_used_this_request[ "$timestamp:$nonce" ] = $return;
return $return;
}
/**
* Removing all existing nonces, or at least as many as possible.
* Capped at 20 seconds to avoid breaking the site.
*
* @param int $cutoff_timestamp All nonces added before this timestamp will be removed.
* @param int $time_limit How long the cleanup can run (in seconds).
*
* @return true
*/
public function clean_all( $cutoff_timestamp = PHP_INT_MAX, $time_limit = 20 ) {
// phpcs:ignore Generic.CodeAnalysis.ForLoopWithTestFunctionCall.NotAllowed
for ( $end_time = time() + $time_limit; time() < $end_time; ) {
$result = $this->delete( static::CLEAN_ALL_LIMIT_PER_BATCH, $cutoff_timestamp );
if ( ! $result ) {
break;
}
}
return true;
}
/**
* Scheduled clean up of the expired nonces.
*/
public static function clean_scheduled() {
/**
* Adjust the time limit for the scheduled cleanup.
*
* @since 9.5.0
*
* @param int $time_limit How long the cleanup can run (in seconds).
*/
$time_limit = apply_filters( 'jetpack_connection_nonce_cleanup_runtime_limit', static::SCHEDULED_CLEANUP_TIME_LIMIT );
( new static() )->clean_all( time() - static::LIFETIME, $time_limit );
}
/**
* Delete the nonces.
*
* @param int $limit How many nonces to delete.
* @param null|int $cutoff_timestamp All nonces added before this timestamp will be removed.
*
* @return int|false Number of removed nonces, or `false` if nothing to remove (or in case of a database error).
*/
public function delete( $limit = 10, $cutoff_timestamp = null ) {
global $wpdb;
$ids = $wpdb->get_col(
$wpdb->prepare(
"SELECT option_id FROM `{$wpdb->options}`"
. " WHERE `option_name` >= 'jetpack_nonce_' AND `option_name` < %s"
. ' LIMIT %d',
'jetpack_nonce_' . $cutoff_timestamp,
$limit
)
);
if ( ! is_array( $ids ) ) {
// There's an error and we can't proceed.
return false;
}
// Removing zeroes in case AUTO_INCREMENT of the options table is broken, and all ID's are zeroes.
$ids = array_filter( $ids );
if ( array() === $ids ) {
// There's nothing to remove.
return false;
}
$ids_fill = implode( ', ', array_fill( 0, count( $ids ), '%d' ) );
$args = $ids;
$args[] = 'jetpack_nonce_%';
// The Code Sniffer is unable to understand what's going on...
// phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.PreparedSQLPlaceholders.ReplacementsWrongNumber
return $wpdb->query( $wpdb->prepare( "DELETE FROM `{$wpdb->options}` WHERE `option_id` IN ( {$ids_fill} ) AND option_name LIKE %s", $args ) );
}
/**
* Clean the cached nonces valid during the current request, therefore making them invalid.
*
* @return bool
*/
public static function invalidate_request_nonces() {
static::$nonces_used_this_request = array();
return true;
}
}

176
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/src/class-package-version-tracker.php
View File

@ -1,176 +0,0 @@
<?php
/**
* The Package_Version_Tracker class.
*
* @package automattic/jetpack-connection
*/
namespace Automattic\Jetpack\Connection;
/**
* The Package_Version_Tracker class.
*/
class Package_Version_Tracker {
const PACKAGE_VERSION_OPTION = 'jetpack_package_versions';
/**
* The cache key for storing a failed request to update remote package versions.
* The caching logic is that when a failed request occurs, we cache it temporarily
* with a set expiration time.
* Only after the key has expired, we'll be able to repeat a remote request.
* This also implies that the cached value is redundant, however we chose the datetime
* of the failed request to avoid using booleans.
*/
const CACHED_FAILED_REQUEST_KEY = 'jetpack_failed_update_remote_package_versions';
/**
* The min time difference in seconds for attempting to
* update remote tracked package versions after a failed remote request.
*/
const CACHED_FAILED_REQUEST_EXPIRATION = 1 * HOUR_IN_SECONDS;
/**
* Transient key for rate limiting the package version requests;
*/
const RATE_LIMITER_KEY = 'jetpack_update_remote_package_last_query';
/**
* Only allow one versions check (and request) per minute.
*/
const RATE_LIMITER_TIMEOUT = MINUTE_IN_SECONDS;
/**
* Uses the jetpack_package_versions filter to obtain the package versions from packages that need
* version tracking. If the package versions have changed, updates the option and notifies WPCOM.
*/
public function maybe_update_package_versions() {
// Do not run too early or all the modules may not be loaded.
if ( ! did_action( 'init' ) ) {
return;
}
// The version check is being rate limited.
if ( $this->is_rate_limiting() ) {
return;
}
/**
* Obtains the package versions.
*
* @since 1.30.2
*
* @param array An associative array of Jetpack package slugs and their corresponding versions as key/value pairs.
*/
$filter_versions = apply_filters( 'jetpack_package_versions', array() );
if ( ! is_array( $filter_versions ) ) {
return;
}
$option_versions = get_option( self::PACKAGE_VERSION_OPTION, array() );
foreach ( $filter_versions as $package => $version ) {
if ( ! is_string( $package ) || ! is_string( $version ) ) {
unset( $filter_versions[ $package ] );
}
}
if ( ! is_array( $option_versions )
|| count( array_diff_assoc( $filter_versions, $option_versions ) )
|| count( array_diff_assoc( $option_versions, $filter_versions ) )
) {
$this->update_package_versions_option( $filter_versions );
}
}
/**
* Updates the package versions option.
*
* @param array $package_versions The package versions.
*/
protected function update_package_versions_option( $package_versions ) {
if ( ! $this->is_sync_enabled() ) {
$this->update_package_versions_via_remote_request( $package_versions );
return;
}
update_option( self::PACKAGE_VERSION_OPTION, $package_versions );
}
/**
* Whether Jetpack Sync is enabled.
*
* @return boolean true if Sync is present and enabled, false otherwise
*/
protected function is_sync_enabled() {
if ( class_exists( 'Automattic\Jetpack\Sync\Settings' ) && \Automattic\Jetpack\Sync\Settings::is_sync_enabled() ) {
return true;
}
return false;
}
/**
* Fallback for updating the package versions via a remote request when Sync is not present.
*
* Updates the package versions as follows:
* - Sends the updated package versions to wpcom.
* - Updates the 'jetpack_package_versions' option.
*
* @param array $package_versions The package versions.
*/
protected function update_package_versions_via_remote_request( $package_versions ) {
$connection = new Manager();
if ( ! $connection->is_connected() ) {
return;
}
$site_id = \Jetpack_Options::get_option( 'id' );
$last_failed_attempt_within_hour = get_transient( self::CACHED_FAILED_REQUEST_KEY );
if ( $last_failed_attempt_within_hour ) {
return;
}
$body = wp_json_encode(
array(
'package_versions' => $package_versions,
)
);
$response = Client::wpcom_json_api_request_as_blog(
sprintf( '/sites/%d/jetpack-package-versions', $site_id ),
'2',
array(
'headers' => array( 'content-type' => 'application/json' ),
'method' => 'POST',
),
$body,
'wpcom'
);
if ( 200 === wp_remote_retrieve_response_code( $response ) ) {
update_option( self::PACKAGE_VERSION_OPTION, $package_versions );
} else {
set_transient( self::CACHED_FAILED_REQUEST_KEY, time(), self::CACHED_FAILED_REQUEST_EXPIRATION );
}
}
/**
* Check if version check is being rate limited, and update the rate limiting transient if needed.
*
* @return bool
*/
private function is_rate_limiting() {
if ( get_transient( static::RATE_LIMITER_KEY ) ) {
return true;
}
set_transient( static::RATE_LIMITER_KEY, time(), static::RATE_LIMITER_TIMEOUT );
return false;
}
}

30
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/src/class-package-version.php
View File

@ -1,30 +0,0 @@
<?php
/**
* The Package_Version class.
*
* @package automattic/jetpack-connection
*/
namespace Automattic\Jetpack\Connection;
/**
* The Package_Version class.
*/
class Package_Version {
const PACKAGE_VERSION = '2.5.0';
const PACKAGE_SLUG = 'connection';
/**
* Adds the package slug and version to the package version tracker's data.
*
* @param array $package_versions The package version array.
*
* @return array The packge version array.
*/
public static function send_package_version_to_tracker( $package_versions ) {
$package_versions[ self::PACKAGE_SLUG ] = self::PACKAGE_VERSION;
return $package_versions;
}
}

466
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/src/class-partner-coupon.php
View File

@ -1,466 +0,0 @@
<?php
/**
* Class for the Jetpack partner coupon logic.
*
* @package automattic/jetpack-connection
*/
namespace Automattic\Jetpack;
use Automattic\Jetpack\Connection\Client as Connection_Client;
use Automattic\Jetpack\Connection\Manager as Connection_Manager;
use Jetpack_Options;
/**
* Disable direct access.
*/
if ( ! defined( 'ABSPATH' ) ) {
exit;
}
/**
* Class Jetpack_Partner_Coupon
*
* @since partner-1.6.0
* @since 2.0.0
*/
class Partner_Coupon {
/**
* Name of the Jetpack_Option coupon option.
*
* @var string
*/
public static $coupon_option = 'partner_coupon';
/**
* Name of the Jetpack_Option added option.
*
* @var string
*/
public static $added_option = 'partner_coupon_added';
/**
* Name of "last availability check" transient.
*
* @var string
*/
public static $last_check_transient = 'jetpack_partner_coupon_last_check';
/**
* Callable that executes a blog-authenticated request.
*
* @var callable
*/
protected $request_as_blog;
/**
* Jetpack_Partner_Coupon
*
* @var Partner_Coupon|null
**/
private static $instance = null;
/**
* A list of supported partners.
*
* @var array
*/
private static $supported_partners = array(
'IONOS' => array(
'name' => 'IONOS',
'logo' => array(
'src' => '/images/ionos-logo.jpg',
'width' => 119,
'height' => 32,
),
),
);
/**
* A list of supported presets.
*
* @var array
*/
private static $supported_presets = array(
'IONA' => 'jetpack_backup_daily',
);
/**
* Get singleton instance of class.
*
* @return Partner_Coupon
*/
public static function get_instance() {
if ( self::$instance === null ) {
self::$instance = new Partner_Coupon( array( Connection_Client::class, 'wpcom_json_api_request_as_blog' ) );
}
return self::$instance;
}
/**
* Constructor.
*
* @param callable $request_as_blog Callable that executes a blog-authenticated request.
*/
public function __construct( $request_as_blog ) {
$this->request_as_blog = $request_as_blog;
}
/**
* Register hooks to catch and purge coupon.
*
* @param string $plugin_slug The plugin slug to differentiate between Jetpack connections.
* @param string $redirect_location The location we should redirect to after catching the coupon.
*/
public static function register_coupon_admin_hooks( $plugin_slug, $redirect_location ) {
$instance = self::get_instance();
// We have to use an anonymous function, so we can pass along relevant information
// and not have to hardcode values for a single plugin.
// This open up the opportunity for e.g. the "all-in-one" and backup plugins
// to both implement partner coupon logic.
add_action(
'admin_init',
function () use ( $plugin_slug, $redirect_location, $instance ) {
$instance->catch_coupon( $plugin_slug, $redirect_location );
$instance->maybe_purge_coupon( $plugin_slug );
}
);
}
/**
* Catch partner coupon and redirect to claim component.
*
* @param string $plugin_slug The plugin slug to differentiate between Jetpack connections.
* @param string $redirect_location The location we should redirect to after catching the coupon.
*/
public function catch_coupon( $plugin_slug, $redirect_location ) {
// Accept and store a partner coupon if present, and redirect to Jetpack connection screen.
$partner_coupon = isset( $_GET['jetpack-partner-coupon'] ) ? sanitize_text_field( wp_unslash( $_GET['jetpack-partner-coupon'] ) ) : false; // phpcs:ignore WordPress.Security.NonceVerification.Recommended
if ( $partner_coupon ) {
Jetpack_Options::update_options(
array(
self::$coupon_option => $partner_coupon,
self::$added_option => time(),
)
);
$connection = new Connection_Manager( $plugin_slug );
if ( $connection->is_connected() ) {
$redirect_location = add_query_arg( array( 'showCouponRedemption' => 1 ), $redirect_location );
wp_safe_redirect( $redirect_location );
} else {
wp_safe_redirect( $redirect_location );
}
}
}
/**
* Purge partner coupon.
*
* We try to remotely check if a coupon looks valid. We also automatically purge
* partner coupons after a certain amount of time to prevent unnecessary look-ups
* and/or promoting a product for months or years in the future due to unknown
* errors.
*
* @param string $plugin_slug The plugin slug to differentiate between Jetpack connections.
*/
public function maybe_purge_coupon( $plugin_slug ) {
// Only run coupon checks on Jetpack admin pages.
// The "admin-ui" package is responsible for registering the Jetpack admin
// page for all Jetpack plugins and has hardcoded the settings page to be
// "jetpack", so we shouldn't need to allow for dynamic/custom values.
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
if ( ! isset( $_GET['page'] ) || 'jetpack' !== $_GET['page'] ) {
return;
}
if ( ( new Status() )->is_offline_mode() ) {
return;
}
$connection = new Connection_Manager( $plugin_slug );
if ( ! $connection->is_connected() ) {
return;
}
if ( $this->maybe_purge_coupon_by_added_date() ) {
return;
}
// Limit checks to happen once a minute at most.
if ( get_transient( self::$last_check_transient ) ) {
return;
}
set_transient( self::$last_check_transient, true, MINUTE_IN_SECONDS );
$this->maybe_purge_coupon_by_availability_check();
}
/**
* Purge coupon based on local added date.
*
* We automatically remove the coupon after a month to "self-heal" if
* something in the claim process has broken with the site.
*
* @return bool Return whether we should skip further purge checks.
*/
protected function maybe_purge_coupon_by_added_date() {
$date = Jetpack_Options::get_option( self::$added_option, '' );
if ( empty( $date ) ) {
return true;
}
$expire_date = strtotime( '+30 days', $date );
$today = time();
if ( $today >= $expire_date ) {
$this->delete_coupon_data();
return true;
}
return false;
}
/**
* Purge coupon based on availability check.
*
* @return bool Return whether we deleted coupon data.
*/
protected function maybe_purge_coupon_by_availability_check() {
$blog_id = Jetpack_Options::get_option( 'id', false );
if ( ! $blog_id ) {
return false;
}
$coupon = self::get_coupon();
if ( ! $coupon ) {
return false;
}
$response = call_user_func_array(
$this->request_as_blog,
array(
add_query_arg(
array( 'coupon_code' => $coupon['coupon_code'] ),
sprintf(
'/sites/%d/jetpack-partner/coupon/v1/site/coupon',
$blog_id
)
),
2,
array( 'method' => 'GET' ),
null,
'wpcom',
)
);
$body = json_decode( wp_remote_retrieve_body( $response ), true );
if (
200 === wp_remote_retrieve_response_code( $response ) &&
is_array( $body ) &&
isset( $body['available'] ) &&
false === $body['available']
) {
$this->delete_coupon_data();
return true;
}
return false;
}
/**
* Delete all coupon data.
*/
protected function delete_coupon_data() {
Jetpack_Options::delete_option(
array(
self::$coupon_option,
self::$added_option,
)
);
}
/**
* Get partner coupon data.
*
* @return array|bool
*/
public static function get_coupon() {
$coupon_code = Jetpack_Options::get_option( self::$coupon_option, '' );
if ( ! is_string( $coupon_code ) || empty( $coupon_code ) ) {
return false;
}
$instance = self::get_instance();
$partner = $instance->get_coupon_partner( $coupon_code );
if ( ! $partner ) {
return false;
}
$preset = $instance->get_coupon_preset( $coupon_code );
if ( ! $preset ) {
return false;
}
$product = $instance->get_coupon_product( $preset );
if ( ! $product ) {
return false;
}
return array(
'coupon_code' => $coupon_code,
'partner' => $partner,
'preset' => $preset,
'product' => $product,
);
}
/**
* Get coupon partner.
*
* @param string $coupon_code Coupon code to go through.
* @return array|bool
*/
private function get_coupon_partner( $coupon_code ) {
if ( ! is_string( $coupon_code ) || false === strpos( $coupon_code, '_' ) ) {
return false;
}
$prefix = strtok( $coupon_code, '_' );
$supported_partners = $this->get_supported_partners();
if ( ! isset( $supported_partners[ $prefix ] ) ) {
return false;
}
return array(
'name' => $supported_partners[ $prefix ]['name'],
'prefix' => $prefix,
'logo' => isset( $supported_partners[ $prefix ]['logo'] ) ? $supported_partners[ $prefix ]['logo'] : null,
);
}
/**
* Get coupon product.
*
* @param string $coupon_preset The preset we wish to find a product for.
* @return array|bool
*/
private function get_coupon_product( $coupon_preset ) {
if ( ! is_string( $coupon_preset ) ) {
return false;
}
/**
* Allow for plugins to register supported products.
*
* @since 1.6.0
*
* @param array A list of product details.
* @return array
*/
$product_details = apply_filters( 'jetpack_partner_coupon_products', array() );
$product_slug = $this->get_supported_presets()[ $coupon_preset ];
foreach ( $product_details as $product ) {
if ( ! $this->array_keys_exist( array( 'title', 'slug', 'description', 'features' ), $product ) ) {
continue;
}
if ( $product_slug === $product['slug'] ) {
return $product;
}
}
return false;
}
/**
* Checks if multiple keys are present in an array.
*
* @param array $needles The keys we wish to check for.
* @param array $haystack The array we want to compare keys against.
*
* @return bool
*/
private function array_keys_exist( $needles, $haystack ) {
foreach ( $needles as $needle ) {
if ( ! isset( $haystack[ $needle ] ) ) {
return false;
}
}
return true;
}
/**
* Get coupon preset.
*
* @param string $coupon_code Coupon code to go through.
* @return string|bool
*/
private function get_coupon_preset( $coupon_code ) {
if ( ! is_string( $coupon_code ) ) {
return false;
}
$regex = '/^.*?_(?P<slug>.*?)_.+$/';
$matches = array();
if ( ! preg_match( $regex, $coupon_code, $matches ) ) {
return false;
}
return isset( $this->get_supported_presets()[ $matches['slug'] ] ) ? $matches['slug'] : false;
}
/**
* Get supported partners.
*
* @return array
*/
private function get_supported_partners() {
/**
* Allow external code to add additional supported partners.
*
* @since partner-1.6.0
* @since 2.0.0
*
* @param array $supported_partners A list of supported partners.
* @return array
*/
return apply_filters( 'jetpack_partner_coupon_supported_partners', self::$supported_partners );
}
/**
* Get supported presets.
*
* @return array
*/
private function get_supported_presets() {
/**
* Allow external code to add additional supported presets.
*
* @since partner-1.6.0
* @since 2.0.0
*
* @param array $supported_presets A list of supported presets.
* @return array
*/
return apply_filters( 'jetpack_partner_coupon_supported_presets', self::$supported_presets );
}
}

215
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/src/class-partner.php
View File

@ -1,215 +0,0 @@
<?php
/**
* Jetpack Partner utilities.
*
* @package automattic/jetpack-connection
*/
namespace Automattic\Jetpack;
/**
* This class introduces functionality used by Jetpack hosting partners.
*
* @since partner-1.0.0
* @since 2.0.0
*/
class Partner {
/**
* Affiliate code.
*/
const AFFILIATE_CODE = 'affiliate';
/**
* Subsidiary id code.
*/
const SUBSIDIARY_CODE = 'subsidiary';
/**
* Singleton instance.
*
* @since partner-1.0.0
* @since 2.0.0
*
* @var Partner This class instance.
*/
private static $instance = null;
/**
* Partner constructor.
*/
private function __construct() {
}
/**
* Initializes the class or returns the singleton.
*
* @since partner-1.0.0
* @since 2.0.0
*
* @return Partner | false
*/
public static function init() {
if ( self::$instance === null ) {
self::$instance = new Partner();
add_filter( 'jetpack_build_authorize_url', array( self::$instance, 'add_subsidiary_id_as_query_arg' ) );
add_filter( 'jetpack_build_authorize_url', array( self::$instance, 'add_affiliate_code_as_query_arg' ) );
add_filter( 'jetpack_build_connection_url', array( self::$instance, 'add_subsidiary_id_as_query_arg' ) );
add_filter( 'jetpack_build_connection_url', array( self::$instance, 'add_affiliate_code_as_query_arg' ) );
add_filter( 'jetpack_register_request_body', array( self::$instance, 'add_subsidiary_id_to_params_array' ) );
add_filter( 'jetpack_register_request_body', array( self::$instance, 'add_affiliate_code_to_params_array' ) );
}
return self::$instance;
}
/**
* Adds the partner subsidiary code to the passed URL.
*
* @param string $url The URL.
*
* @return string
*/
public function add_subsidiary_id_as_query_arg( $url ) {
return $this->add_code_as_query_arg( self::SUBSIDIARY_CODE, $url );
}
/**
* Adds the affiliate code to the passed URL.
*
* @param string $url The URL.
*
* @return string
*/
public function add_affiliate_code_as_query_arg( $url ) {
return $this->add_code_as_query_arg( self::AFFILIATE_CODE, $url );
}
/**
* Adds the partner subsidiary code to the passed array.
*
* @since partner-1.5.0
* @since 2.0.0
*
* @param array $params The parameters array.
*
* @return array
*/
public function add_subsidiary_id_to_params_array( $params ) {
if ( ! is_array( $params ) ) {
return $params;
}
return array_merge( $params, $this->get_code_as_array( self::SUBSIDIARY_CODE ) );
}
/**
* Adds the affiliate code to the passed array.
*
* @since partner-1.5.0
* @since 2.0.0
*
* @param array $params The parameters array.
*
* @return array
*/
public function add_affiliate_code_to_params_array( $params ) {
if ( ! is_array( $params ) ) {
return $params;
}
return array_merge( $params, $this->get_code_as_array( self::AFFILIATE_CODE ) );
}
/**
* Returns the passed URL with the partner code added as a URL query arg.
*
* @since partner-1.0.0
* @since 2.0.0
*
* @param string $type The partner code.
* @param string $url The URL where the partner subsidiary id will be added.
*
* @return string The passed URL with the partner code added.
*/
public function add_code_as_query_arg( $type, $url ) {
return add_query_arg( $this->get_code_as_array( $type ), $url );
}
/**
* Gets the partner code in an associative array format
*
* @since partner-1.5.0
* @since 2.0.0
*
* @param string $type The partner code.
* @return array
*/
private function get_code_as_array( $type ) {
switch ( $type ) {
case self::AFFILIATE_CODE:
$query_arg_name = 'aff';
break;
case self::SUBSIDIARY_CODE:
$query_arg_name = 'subsidiaryId';
break;
default:
return array();
}
$code = $this->get_partner_code( $type );
if ( '' === $code ) {
return array();
}
return array( $query_arg_name => $code );
}
/**
* Returns a partner code.
*
* @since partner-1.0.0
* @since 2.0.0
*
* @param string $type This can be either 'affiliate' or 'subsidiary'. Returns empty string when code is unknown.
*
* @return string The partner code.
*/
public function get_partner_code( $type ) {
switch ( $type ) {
case self::AFFILIATE_CODE:
/**
* Allow to filter the affiliate code.
*
* @since partner-1.0.0
* @since-jetpack 6.9.0
* @since 2.0.0
*
* @param string $affiliate_code The affiliate code, blank by default.
*/
return apply_filters( 'jetpack_affiliate_code', get_option( 'jetpack_affiliate_code', '' ) );
case self::SUBSIDIARY_CODE:
/**
* Allow to filter the partner subsidiary id.
*
* @since partner-1.0.0
* @since 2.0.0
*
* @param string $subsidiary_id The partner subsidiary id, blank by default.
*/
return apply_filters(
'jetpack_partner_subsidiary_id',
get_option( 'jetpack_partner_subsidiary_id', '' )
);
default:
return '';
}
}
/**
* Resets the singleton for testing purposes.
*/
public static function reset() {
self::$instance = null;
}
}

268
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/src/class-plugin-storage.php
View File

@ -1,268 +0,0 @@
<?php
/**
* Storage for plugin connection information.
*
* @package automattic/jetpack-connection
*/
namespace Automattic\Jetpack\Connection;
use WP_Error;
/**
* The class serves a single purpose - to store the data which plugins use the connection, along with some auxiliary information.
*/
class Plugin_Storage {
const ACTIVE_PLUGINS_OPTION_NAME = 'jetpack_connection_active_plugins';
/**
* Options where disabled plugins were stored
*
* @deprecated since 1.39.0.
* @var string
*/
const PLUGINS_DISABLED_OPTION_NAME = 'jetpack_connection_disabled_plugins';
/**
* Whether this class was configured for the first time or not.
*
* @var boolean
*/
private static $configured = false;
/**
* Refresh list of connected plugins upon intialization.
*
* @var boolean
*/
private static $refresh_connected_plugins = false;
/**
* Connected plugins.
*
* @var array
*/
private static $plugins = array();
/**
* The blog ID the storage is setup for.
* The data will be refreshed if the blog ID changes.
* Used for the multisite networks.
*
* @var int
*/
private static $current_blog_id = null;
/**
* Add or update the plugin information in the storage.
*
* @param string $slug Plugin slug.
* @param array $args Plugin arguments, optional.
*
* @return bool
*/
public static function upsert( $slug, array $args = array() ) {
self::$plugins[ $slug ] = $args;
// if plugin is not in the list of active plugins, refresh the list.
if ( ! array_key_exists( $slug, (array) get_option( self::ACTIVE_PLUGINS_OPTION_NAME, array() ) ) ) {
self::$refresh_connected_plugins = true;
}
return true;
}
/**
* Retrieve the plugin information by slug.
* WARNING: the method cannot be called until Plugin_Storage::configure is called, which happens on plugins_loaded
* Even if you don't use Jetpack Config, it may be introduced later by other plugins,
* so please make sure not to run the method too early in the code.
*
* @param string $slug The plugin slug.
*
* @return array|null|WP_Error
*/
public static function get_one( $slug ) {
$plugins = self::get_all();
if ( $plugins instanceof WP_Error ) {
return $plugins;
}
return empty( $plugins[ $slug ] ) ? null : $plugins[ $slug ];
}
/**
* Retrieve info for all plugins that use the connection.
* WARNING: the method cannot be called until Plugin_Storage::configure is called, which happens on plugins_loaded
* Even if you don't use Jetpack Config, it may be introduced later by other plugins,
* so please make sure not to run the method too early in the code.
*
* @since 1.39.0 deprecated the $connected_only argument.
*
* @param null $deprecated null plugins that were explicitly disconnected. Deprecated, there's no such a thing as disconnecting only specific plugins anymore.
*
* @return array|WP_Error
*/
public static function get_all( $deprecated = null ) { // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable
$maybe_error = self::ensure_configured();
if ( $maybe_error instanceof WP_Error ) {
return $maybe_error;
}
return self::$plugins;
}
/**
* Remove the plugin connection info from Jetpack.
* WARNING: the method cannot be called until Plugin_Storage::configure is called, which happens on plugins_loaded
* Even if you don't use Jetpack Config, it may be introduced later by other plugins,
* so please make sure not to run the method too early in the code.
*
* @param string $slug The plugin slug.
*
* @return bool|WP_Error
*/
public static function delete( $slug ) {
$maybe_error = self::ensure_configured();
if ( $maybe_error instanceof WP_Error ) {
return $maybe_error;
}
if ( array_key_exists( $slug, self::$plugins ) ) {
unset( self::$plugins[ $slug ] );
}
return true;
}
/**
* The method makes sure that `Jetpack\Config` has finished, and it's now safe to retrieve the list of plugins.
*
* @return bool|WP_Error
*/
private static function ensure_configured() {
if ( ! self::$configured ) {
return new WP_Error( 'too_early', __( 'You cannot call this method until Jetpack Config is configured', 'jetpack-connection' ) );
}
if ( is_multisite() && get_current_blog_id() !== self::$current_blog_id ) {
self::$plugins = (array) get_option( self::ACTIVE_PLUGINS_OPTION_NAME, array() );
self::$current_blog_id = get_current_blog_id();
}
return true;
}
/**
* Called once to configure this class after plugins_loaded.
*
* @return void
*/
public static function configure() {
if ( self::$configured ) {
return;
}
if ( is_multisite() ) {
self::$current_blog_id = get_current_blog_id();
}
// If a plugin was activated or deactivated.
// self::$plugins is populated in Config::ensure_options_connection().
$number_of_plugins_differ = count( self::$plugins ) !== count( (array) get_option( self::ACTIVE_PLUGINS_OPTION_NAME, array() ) );
if ( $number_of_plugins_differ || true === self::$refresh_connected_plugins ) {
self::update_active_plugins_option();
}
self::$configured = true;
}
/**
* Updates the active plugins option with current list of active plugins.
*
* @return void
*/
public static function update_active_plugins_option() {
// Note: Since this options is synced to wpcom, if you change its structure, you have to update the sanitizer at wpcom side.
update_option( self::ACTIVE_PLUGINS_OPTION_NAME, self::$plugins );
if ( ! class_exists( 'Automattic\Jetpack\Sync\Settings' ) || ! \Automattic\Jetpack\Sync\Settings::is_sync_enabled() ) {
self::update_active_plugins_wpcom_no_sync_fallback();
}
}
/**
* Add the plugin to the set of disconnected ones.
*
* @deprecated since 1.39.0.
*
* @param string $slug Plugin slug.
*
* @return bool
*/
public static function disable_plugin( $slug ) { // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable
return true;
}
/**
* Remove the plugin from the set of disconnected ones.
*
* @deprecated since 1.39.0.
*
* @param string $slug Plugin slug.
*
* @return bool
*/
public static function enable_plugin( $slug ) { // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable
return true;
}
/**
* Get all plugins that were disconnected by user.
*
* @deprecated since 1.39.0.
*
* @return array
*/
public static function get_all_disabled_plugins() { // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable
return array();
}
/**
* Update active plugins option with current list of active plugins on WPCOM.
* This is a fallback to ensure this option is always up to date on WPCOM in case
* Sync is not present or disabled.
*
* @since 1.34.0
*/
private static function update_active_plugins_wpcom_no_sync_fallback() {
$connection = new Manager();
if ( ! $connection->is_connected() ) {
return;
}
$site_id = \Jetpack_Options::get_option( 'id' );
$body = wp_json_encode(
array(
'active_connected_plugins' => self::$plugins,
)
);
Client::wpcom_json_api_request_as_blog(
sprintf( '/sites/%d/jetpack-active-connected-plugins', $site_id ),
'2',
array(
'headers' => array( 'content-type' => 'application/json' ),
'method' => 'POST',
),
$body,
'wpcom'
);
}
}

122
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/src/class-plugin.php
View File

@ -1,122 +0,0 @@
<?php
/**
* Plugin connection management class.
*
* @package automattic/jetpack-connection
*/
namespace Automattic\Jetpack\Connection;
/**
* Plugin connection management class.
* The class represents a single plugin that uses Jetpack connection.
* Its functionality has been pretty simplistic so far: add to the storage (`Plugin_Storage`), remove it from there,
* and determine whether it's the last active connection. As the component grows, there'll be more functionality added.
*/
class Plugin {
/**
* List of the keys allowed as arguments
*
* @var array
*/
private $arguments_whitelist = array(
'url_info',
);
/**
* Plugin slug.
*
* @var string
*/
private $slug;
/**
* Initialize the plugin manager.
*
* @param string $slug Plugin slug.
*/
public function __construct( $slug ) {
$this->slug = $slug;
}
/**
* Get the plugin slug.
*
* @return string
*/
public function get_slug() {
return $this->slug;
}
/**
* Add the plugin connection info into Jetpack.
*
* @param string $name Plugin name, required.
* @param array $args Plugin arguments, optional.
*
* @return $this
* @see $this->arguments_whitelist
*/
public function add( $name, array $args = array() ) {
$args = compact( 'name' ) + array_intersect_key( $args, array_flip( $this->arguments_whitelist ) );
Plugin_Storage::upsert( $this->slug, $args );
return $this;
}
/**
* Remove the plugin connection info from Jetpack.
*
* @return $this
*/
public function remove() {
Plugin_Storage::delete( $this->slug );
return $this;
}
/**
* Determine if this plugin connection is the only one active at the moment, if any.
*
* @return bool
*/
public function is_only() {
$plugins = Plugin_Storage::get_all();
return ! $plugins || ( array_key_exists( $this->slug, $plugins ) && 1 === count( $plugins ) );
}
/**
* Add the plugin to the set of disconnected ones.
*
* @deprecated since 1.39.0.
*
* @return bool
*/
public function disable() {
return true;
}
/**
* Remove the plugin from the set of disconnected ones.
*
* @deprecated since 1.39.0.
*
* @return bool
*/
public function enable() {
return true;
}
/**
* Whether this plugin is allowed to use the connection.
*
* @deprecated since 11.0
* @return bool
*/
public function is_enabled() {
return true;
}
}

220
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/src/class-rest-authentication.php
View File

@ -1,220 +0,0 @@
<?php
/**
* The Jetpack Connection Rest Authentication file.
*
* @package automattic/jetpack-connection
*/
namespace Automattic\Jetpack\Connection;
/**
* The Jetpack Connection Rest Authentication class.
*/
class Rest_Authentication {
/**
* The rest authentication status.
*
* @since 1.17.0
* @var boolean
*/
private $rest_authentication_status = null;
/**
* The rest authentication type.
* Can be either 'user' or 'blog' depending on whether the request
* is signed with a user or a blog token.
*
* @since 1.29.0
* @var string
*/
private $rest_authentication_type = null;
/**
* The Manager object.
*
* @since 1.17.0
* @var Object
*/
private $connection_manager = null;
/**
* Holds the singleton instance of this class
*
* @since 1.17.0
* @var Object
*/
private static $instance = false;
/**
* Flag used to avoid determine_current_user filter to enter an infinite loop
*
* @since 1.26.0
* @var boolean
*/
private $doing_determine_current_user_filter = false;
/**
* The constructor.
*/
private function __construct() {
$this->connection_manager = new Manager();
}
/**
* Controls the single instance of this class.
*
* @static
*/
public static function init() {
if ( ! self::$instance ) {
self::$instance = new self();
add_filter( 'determine_current_user', array( self::$instance, 'wp_rest_authenticate' ) );
add_filter( 'rest_authentication_errors', array( self::$instance, 'wp_rest_authentication_errors' ) );
}
return self::$instance;
}
/**
* Authenticates requests from Jetpack server to WP REST API endpoints.
* Uses the existing XMLRPC request signing implementation.
*
* @param int|bool $user User ID if one has been determined, false otherwise.
*
* @return int|null The user id or null if the request was authenticated via blog token, or not authenticated at all.
*/
public function wp_rest_authenticate( $user ) {
if ( $this->doing_determine_current_user_filter ) {
return $user;
}
$this->doing_determine_current_user_filter = true;
try {
if ( ! empty( $user ) ) {
// Another authentication method is in effect.
return $user;
}
add_filter(
'jetpack_constant_default_value',
__NAMESPACE__ . '\Utils::jetpack_api_constant_filter',
10,
2
);
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
if ( ! isset( $_GET['_for'] ) || 'jetpack' !== $_GET['_for'] ) {
// Nothing to do for this authentication method.
return null;
}
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
if ( ! isset( $_GET['token'] ) && ! isset( $_GET['signature'] ) ) {
// Nothing to do for this authentication method.
return null;
}
if ( ! isset( $_SERVER['REQUEST_METHOD'] ) ) {
$this->rest_authentication_status = new \WP_Error(
'rest_invalid_request',
__( 'The request method is missing.', 'jetpack-connection' ),
array( 'status' => 400 )
);
return null;
}
// Only support specific request parameters that have been tested and
// are known to work with signature verification. A different method
// can be passed to the WP REST API via the '?_method=' parameter if
// needed.
if ( 'GET' !== $_SERVER['REQUEST_METHOD'] && 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
$this->rest_authentication_status = new \WP_Error(
'rest_invalid_request',
__( 'This request method is not supported.', 'jetpack-connection' ),
array( 'status' => 400 )
);
return null;
}
if ( 'POST' !== $_SERVER['REQUEST_METHOD'] && ! empty( file_get_contents( 'php://input' ) ) ) {
$this->rest_authentication_status = new \WP_Error(
'rest_invalid_request',
__( 'This request method does not support body parameters.', 'jetpack-connection' ),
array( 'status' => 400 )
);
return null;
}
$verified = $this->connection_manager->verify_xml_rpc_signature();
if (
$verified &&
isset( $verified['type'] ) &&
'blog' === $verified['type']
) {
// Site-level authentication successful.
$this->rest_authentication_status = true;
$this->rest_authentication_type = 'blog';
return null;
}
if (
$verified &&
isset( $verified['type'] ) &&
'user' === $verified['type'] &&
! empty( $verified['user_id'] )
) {
// User-level authentication successful.
$this->rest_authentication_status = true;
$this->rest_authentication_type = 'user';
return $verified['user_id'];
}
// Something else went wrong. Probably a signature error.
$this->rest_authentication_status = new \WP_Error(
'rest_invalid_signature',
__( 'The request is not signed correctly.', 'jetpack-connection' ),
array( 'status' => 400 )
);
return null;
} finally {
$this->doing_determine_current_user_filter = false;
}
}
/**
* Report authentication status to the WP REST API.
*
* @param WP_Error|mixed $value Error from another authentication handler, null if we should handle it, or another value if not.
* @return WP_Error|boolean|null {@see WP_JSON_Server::check_authentication}
*/
public function wp_rest_authentication_errors( $value ) {
if ( null !== $value ) {
return $value;
}
return $this->rest_authentication_status;
}
/**
* Resets the saved authentication state in between testing requests.
*/
public function reset_saved_auth_state() {
$this->rest_authentication_status = null;
$this->connection_manager->reset_saved_auth_state();
}
/**
* Whether the request was signed with a blog token.
*
* @since 1.29.0
*
* @return bool True if the request was signed with a valid blog token, false otherwise.
*/
public static function is_signed_with_blog_token() {
$instance = self::init();
return true === $instance->rest_authentication_status && 'blog' === $instance->rest_authentication_type;
}
}

937
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/src/class-rest-connector.php
View File

@ -1,937 +0,0 @@
<?php
/**
* Sets up the Connection REST API endpoints.
*
* @package automattic/jetpack-connection
*/
namespace Automattic\Jetpack\Connection;
use Automattic\Jetpack\Constants;
use Automattic\Jetpack\Redirect;
use Automattic\Jetpack\Status;
use Jetpack_XMLRPC_Server;
use WP_Error;
use WP_REST_Request;
use WP_REST_Response;
use WP_REST_Server;
/**
* Registers the REST routes for Connections.
*/
class REST_Connector {
/**
* The Connection Manager.
*
* @var Manager
*/
private $connection;
/**
* This property stores the localized "Insufficient Permissions" error message.
*
* @var string Generic error message when user is not allowed to perform an action.
*/
private static $user_permissions_error_msg;
const JETPACK__DEBUGGER_PUBLIC_KEY = "\r\n" . '-----BEGIN PUBLIC KEY-----' . "\r\n"
. 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+uLLVoxGCY71LS6KFc6' . "\r\n"
. '1UnF6QGBAsi5XF8ty9kR3/voqfOkpW+gRerM2Kyjy6DPCOmzhZj7BFGtxSV2ZoMX' . "\r\n"
. '9ZwWxzXhl/Q/6k8jg8BoY1QL6L2K76icXJu80b+RDIqvOfJruaAeBg1Q9NyeYqLY' . "\r\n"
. 'lEVzN2vIwcFYl+MrP/g6Bc2co7Jcbli+tpNIxg4Z+Hnhbs7OJ3STQLmEryLpAxQO' . "\r\n"
. 'q8cbhQkMx+FyQhxzSwtXYI/ClCUmTnzcKk7SgGvEjoKGAmngILiVuEJ4bm7Q1yok' . "\r\n"
. 'xl9+wcfW6JAituNhml9dlHCWnn9D3+j8pxStHihKy2gVMwiFRjLEeD8K/7JVGkb/' . "\r\n"
. 'EwIDAQAB' . "\r\n"
. '-----END PUBLIC KEY-----' . "\r\n";
/**
* Constructor.
*
* @param Manager $connection The Connection Manager.
*/
public function __construct( Manager $connection ) {
$this->connection = $connection;
self::$user_permissions_error_msg = esc_html__(
'You do not have the correct user permissions to perform this action.
Please contact your site admin if you think this is a mistake.',
'jetpack-connection'
);
$jp_version = Constants::get_constant( 'JETPACK__VERSION' );
if ( ! $this->connection->has_connected_owner() ) {
// Register a site.
register_rest_route(
'jetpack/v4',
'/verify_registration',
array(
'methods' => WP_REST_Server::EDITABLE,
'callback' => array( $this, 'verify_registration' ),
'permission_callback' => '__return_true',
)
);
}
// Authorize a remote user.
register_rest_route(
'jetpack/v4',
'/remote_authorize',
array(
'methods' => WP_REST_Server::EDITABLE,
'callback' => __CLASS__ . '::remote_authorize',
'permission_callback' => '__return_true',
)
);
// Authorize a remote user.
register_rest_route(
'jetpack/v4',
'/remote_provision',
array(
'methods' => WP_REST_Server::EDITABLE,
'callback' => array( $this, 'remote_provision' ),
'permission_callback' => array( $this, 'remote_provision_permission_check' ),
)
);
register_rest_route(
'jetpack/v4',
'/remote_register',
array(
'methods' => WP_REST_Server::EDITABLE,
'callback' => array( $this, 'remote_register' ),
'permission_callback' => array( $this, 'remote_register_permission_check' ),
)
);
// Get current connection status of Jetpack.
register_rest_route(
'jetpack/v4',
'/connection',
array(
'methods' => WP_REST_Server::READABLE,
'callback' => __CLASS__ . '::connection_status',
'permission_callback' => '__return_true',
)
);
// Disconnect site.
register_rest_route(
'jetpack/v4',
'/connection',
array(
'methods' => WP_REST_Server::EDITABLE,
'callback' => __CLASS__ . '::disconnect_site',
'permission_callback' => __CLASS__ . '::disconnect_site_permission_check',
'args' => array(
'isActive' => array(
'description' => __( 'Set to false will trigger the site to disconnect.', 'jetpack-connection' ),
'validate_callback' => function ( $value ) {
if ( false !== $value ) {
return new WP_Error(
'rest_invalid_param',
__( 'The isActive argument should be set to false.', 'jetpack-connection' ),
array( 'status' => 400 )
);
}
return true;
},
'required' => true,
),
),
)
);
// We are only registering this route if Jetpack-the-plugin is not active or it's version is ge 10.0-alpha.
// The reason for doing so is to avoid conflicts between the Connection package and
// older versions of Jetpack, registering the same route twice.
if ( empty( $jp_version ) || version_compare( $jp_version, '10.0-alpha', '>=' ) ) {
// Get current user connection data.
register_rest_route(
'jetpack/v4',
'/connection/data',
array(
'methods' => WP_REST_Server::READABLE,
'callback' => __CLASS__ . '::get_user_connection_data',
'permission_callback' => __CLASS__ . '::user_connection_data_permission_check',
)
);
}
// Get list of plugins that use the Jetpack connection.
register_rest_route(
'jetpack/v4',
'/connection/plugins',
array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( __CLASS__, 'get_connection_plugins' ),
'permission_callback' => __CLASS__ . '::connection_plugins_permission_check',
)
);
// Full or partial reconnect in case of connection issues.
register_rest_route(
'jetpack/v4',
'/connection/reconnect',
array(
'methods' => WP_REST_Server::EDITABLE,
'callback' => array( $this, 'connection_reconnect' ),
'permission_callback' => __CLASS__ . '::jetpack_reconnect_permission_check',
)
);
// Register the site (get `blog_token`).
register_rest_route(
'jetpack/v4',
'/connection/register',
array(
'methods' => WP_REST_Server::EDITABLE,
'callback' => array( $this, 'connection_register' ),
'permission_callback' => __CLASS__ . '::jetpack_register_permission_check',
'args' => array(
'from' => array(
'description' => __( 'Indicates where the registration action was triggered for tracking/segmentation purposes', 'jetpack-connection' ),
'type' => 'string',
),
'registration_nonce' => array(
'description' => __( 'The registration nonce', 'jetpack-connection' ),
'type' => 'string',
'required' => true,
),
'redirect_uri' => array(
'description' => __( 'URI of the admin page where the user should be redirected after connection flow', 'jetpack-connection' ),
'type' => 'string',
),
'plugin_slug' => array(
'description' => __( 'Indicates from what plugin the request is coming from', 'jetpack-connection' ),
'type' => 'string',
),
),
)
);
// Get authorization URL.
register_rest_route(
'jetpack/v4',
'/connection/authorize_url',
array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( $this, 'connection_authorize_url' ),
'permission_callback' => __CLASS__ . '::user_connection_data_permission_check',
'args' => array(
'redirect_uri' => array(
'description' => __( 'URI of the admin page where the user should be redirected after connection flow', 'jetpack-connection' ),
'type' => 'string',
),
),
)
);
register_rest_route(
'jetpack/v4',
'/user-token',
array(
array(
'methods' => WP_REST_Server::EDITABLE,
'callback' => array( static::class, 'update_user_token' ),
'permission_callback' => array( static::class, 'update_user_token_permission_check' ),
'args' => array(
'user_token' => array(
'description' => __( 'New user token', 'jetpack-connection' ),
'type' => 'string',
'required' => true,
),
'is_connection_owner' => array(
'description' => __( 'Is connection owner', 'jetpack-connection' ),
'type' => 'boolean',
),
),
),
)
);
// Set the connection owner.
register_rest_route(
'jetpack/v4',
'/connection/owner',
array(
'methods' => WP_REST_Server::EDITABLE,
'callback' => array( static::class, 'set_connection_owner' ),
'permission_callback' => array( static::class, 'set_connection_owner_permission_check' ),
'args' => array(
'owner' => array(
'description' => __( 'New owner', 'jetpack-connection' ),
'type' => 'integer',
'required' => true,
),
),
)
);
}
/**
* Handles verification that a site is registered.
*
* @since 1.7.0
* @since-jetpack 5.4.0
*
* @param WP_REST_Request $request The request sent to the WP REST API.
*
* @return string|WP_Error
*/
public function verify_registration( WP_REST_Request $request ) {
$registration_data = array( $request['secret_1'], $request['state'] );
return $this->connection->handle_registration( $registration_data );
}
/**
* Handles verification that a site is registered
*
* @since 1.7.0
* @since-jetpack 5.4.0
*
* @param WP_REST_Request $request The request sent to the WP REST API.
*
* @return array|wp-error
*/
public static function remote_authorize( $request ) {
$xmlrpc_server = new Jetpack_XMLRPC_Server();
$result = $xmlrpc_server->remote_authorize( $request );
if ( is_a( $result, 'IXR_Error' ) ) {
$result = new WP_Error( $result->code, $result->message );
}
return $result;
}
/**
* Initiate the site provisioning process.
*
* @since 2.5.0
*
* @param WP_REST_Request $request The request sent to the WP REST API.
*
* @return WP_Error|array
*/
public static function remote_provision( WP_REST_Request $request ) {
$xmlrpc_server = new Jetpack_XMLRPC_Server();
$result = $xmlrpc_server->remote_provision( $request );
if ( is_a( $result, 'IXR_Error' ) ) {
$result = new WP_Error( $result->code, $result->message );
}
return $result;
}
/**
* Register the site so that a plan can be provisioned.
*
* @since 2.5.0
*
* @param WP_REST_Request $request The request object.
*
* @return WP_Error|array
*/
public function remote_register( WP_REST_Request $request ) {
$xmlrpc_server = new Jetpack_XMLRPC_Server();
$result = $xmlrpc_server->remote_register( $request );
if ( is_a( $result, 'IXR_Error' ) ) {
$result = new WP_Error( $result->code, $result->message );
}
return $result;
}
/**
* Remote provision endpoint permission check.
*
* @return true|WP_Error
*/
public function remote_provision_permission_check() {
return Rest_Authentication::is_signed_with_blog_token()
? true
: new WP_Error( 'invalid_permission_remote_provision', self::get_user_permissions_error_msg(), array( 'status' => rest_authorization_required_code() ) );
}
/**
* Remote register endpoint permission check.
*
* @return true|WP_Error
*/
public function remote_register_permission_check() {
if ( $this->connection->has_connected_owner() ) {
return Rest_Authentication::is_signed_with_blog_token()
? true
: new WP_Error( 'already_registered', __( 'Blog is already registered', 'jetpack-connection' ), 400 );
}
return true;
}
/**
* Get connection status for this Jetpack site.
*
* @since 1.7.0
* @since-jetpack 4.3.0
*
* @param bool $rest_response Should we return a rest response or a simple array. Default to rest response.
*
* @return WP_REST_Response|array Connection information.
*/
public static function connection_status( $rest_response = true ) {
$status = new Status();
$connection = new Manager();
$connection_status = array(
'isActive' => $connection->has_connected_owner(), // TODO deprecate this.
'isStaging' => $status->is_staging_site(),
'isRegistered' => $connection->is_connected(),
'isUserConnected' => $connection->is_user_connected(),
'hasConnectedOwner' => $connection->has_connected_owner(),
'offlineMode' => array(
'isActive' => $status->is_offline_mode(),
'constant' => defined( 'JETPACK_DEV_DEBUG' ) && JETPACK_DEV_DEBUG,
'url' => $status->is_local_site(),
/** This filter is documented in packages/status/src/class-status.php */
'filter' => ( apply_filters( 'jetpack_development_mode', false ) || apply_filters( 'jetpack_offline_mode', false ) ), // jetpack_development_mode is deprecated.
'wpLocalConstant' => defined( 'WP_LOCAL_DEV' ) && WP_LOCAL_DEV,
),
'isPublic' => '1' == get_option( 'blog_public' ), // phpcs:ignore Universal.Operators.StrictComparisons.LooseEqual
);
/**
* Filters the connection status data.
*
* @since 1.25.0
*
* @param array An array containing the connection status data.
*/
$connection_status = apply_filters( 'jetpack_connection_status', $connection_status );
if ( $rest_response ) {
return rest_ensure_response(
$connection_status
);
} else {
return $connection_status;
}
}
/**
* Get plugins connected to the Jetpack.
*
* @param bool $rest_response Should we return a rest response or a simple array. Default to rest response.
*
* @since 1.13.1
* @since 1.38.0 Added $rest_response param.
*
* @return WP_REST_Response|WP_Error Response or error object, depending on the request result.
*/
public static function get_connection_plugins( $rest_response = true ) {
$plugins = ( new Manager() )->get_connected_plugins();
if ( is_wp_error( $plugins ) ) {
return $plugins;
}
array_walk(
$plugins,
function ( &$data, $slug ) {
$data['slug'] = $slug;
}
);
if ( $rest_response ) {
return rest_ensure_response( array_values( $plugins ) );
}
return array_values( $plugins );
}
/**
* Verify that user can view Jetpack admin page and can activate plugins.
*
* @since 1.15.0
*
* @return bool|WP_Error Whether user has the capability 'activate_plugins'.
*/
public static function activate_plugins_permission_check() {
if ( current_user_can( 'activate_plugins' ) ) {
return true;
}
return new WP_Error( 'invalid_user_permission_activate_plugins', self::get_user_permissions_error_msg(), array( 'status' => rest_authorization_required_code() ) );
}
/**
* Permission check for the connection_plugins endpoint
*
* @return bool|WP_Error
*/
public static function connection_plugins_permission_check() {
if ( true === static::activate_plugins_permission_check() ) {
return true;
}
if ( true === static::is_request_signed_by_jetpack_debugger() ) {
return true;
}
return new WP_Error( 'invalid_user_permission_activate_plugins', self::get_user_permissions_error_msg(), array( 'status' => rest_authorization_required_code() ) );
}
/**
* Permission check for the disconnect site endpoint.
*
* @since 1.30.1
*
* @return bool|WP_Error True if user is able to disconnect the site.
*/
public static function disconnect_site_permission_check() {
if ( current_user_can( 'jetpack_disconnect' ) ) {
return true;
}
return new WP_Error(
'invalid_user_permission_jetpack_disconnect',
self::get_user_permissions_error_msg(),
array( 'status' => rest_authorization_required_code() )
);
}
/**
* Get miscellaneous user data related to the connection. Similar data available in old "My Jetpack".
* Information about the master/primary user.
* Information about the current user.
*
* @param bool $rest_response Should we return a rest response or a simple array. Default to rest response.
*
* @since 1.30.1
*
* @return \WP_REST_Response|array
*/
public static function get_user_connection_data( $rest_response = true ) {
$blog_id = \Jetpack_Options::get_option( 'id' );
$connection = new Manager();
$current_user = wp_get_current_user();
$connection_owner = $connection->get_connection_owner();
$owner_display_name = false === $connection_owner ? null : $connection_owner->display_name;
$is_user_connected = $connection->is_user_connected();
$is_master_user = false === $connection_owner ? false : ( $current_user->ID === $connection_owner->ID );
$wpcom_user_data = $connection->get_connected_user_data();
// Add connected user gravatar to the returned wpcom_user_data.
// Probably we shouldn't do this when $wpcom_user_data is false, but we have been since 2016 so
// clients probably expect that by now.
if ( false === $wpcom_user_data ) {
$wpcom_user_data = array();
}
$wpcom_user_data['avatar'] = ( ! empty( $wpcom_user_data['email'] ) ?
get_avatar_url(
$wpcom_user_data['email'],
array(
'size' => 64,
'default' => 'mysteryman',
)
)
: false );
$current_user_connection_data = array(
'isConnected' => $is_user_connected,
'isMaster' => $is_master_user,
'username' => $current_user->user_login,
'id' => $current_user->ID,
'blogId' => $blog_id,
'wpcomUser' => $wpcom_user_data,
'gravatar' => get_avatar_url( $current_user->ID, 64, 'mm', '', array( 'force_display' => true ) ),
'permissions' => array(
'connect' => current_user_can( 'jetpack_connect' ),
'connect_user' => current_user_can( 'jetpack_connect_user' ),
'disconnect' => current_user_can( 'jetpack_disconnect' ),
),
);
/**
* Filters the current user connection data.
*
* @since 1.30.1
*
* @param array An array containing the current user connection data.
*/
$current_user_connection_data = apply_filters( 'jetpack_current_user_connection_data', $current_user_connection_data );
$response = array(
'currentUser' => $current_user_connection_data,
'connectionOwner' => $owner_display_name,
);
if ( $rest_response ) {
return rest_ensure_response( $response );
}
return $response;
}
/**
* Permission check for the connection/data endpoint
*
* @return bool|WP_Error
*/
public static function user_connection_data_permission_check() {
if ( current_user_can( 'jetpack_connect_user' ) ) {
return true;
}
return new WP_Error(
'invalid_user_permission_user_connection_data',
self::get_user_permissions_error_msg(),
array( 'status' => rest_authorization_required_code() )
);
}
/**
* Verifies if the request was signed with the Jetpack Debugger key
*
* @param string|null $pub_key The public key used to verify the signature. Default is the Jetpack Debugger key. This is used for testing purposes.
*
* @return bool
*/
public static function is_request_signed_by_jetpack_debugger( $pub_key = null ) {
// phpcs:disable WordPress.Security.NonceVerification.Recommended
if ( ! isset( $_GET['signature'] ) || ! isset( $_GET['timestamp'] ) || ! isset( $_GET['url'] ) || ! isset( $_GET['rest_route'] ) ) {
return false;
}
// signature timestamp must be within 5min of current time.
if ( abs( time() - (int) $_GET['timestamp'] ) > 300 ) {
return false;
}
$signature = base64_decode( filter_var( wp_unslash( $_GET['signature'] ) ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode
$signature_data = wp_json_encode(
array(
'rest_route' => filter_var( wp_unslash( $_GET['rest_route'] ) ),
'timestamp' => (int) $_GET['timestamp'],
'url' => filter_var( wp_unslash( $_GET['url'] ) ),
)
);
if (
! function_exists( 'openssl_verify' )
|| 1 !== openssl_verify(
$signature_data,
$signature,
$pub_key ? $pub_key : static::JETPACK__DEBUGGER_PUBLIC_KEY
)
) {
return false;
}
// phpcs:enable WordPress.Security.NonceVerification.Recommended
return true;
}
/**
* Verify that user is allowed to disconnect Jetpack.
*
* @since 1.15.0
*
* @return bool|WP_Error Whether user has the capability 'jetpack_disconnect'.
*/
public static function jetpack_reconnect_permission_check() {
if ( current_user_can( 'jetpack_reconnect' ) ) {
return true;
}
return new WP_Error( 'invalid_user_permission_jetpack_disconnect', self::get_user_permissions_error_msg(), array( 'status' => rest_authorization_required_code() ) );
}
/**
* Returns generic error message when user is not allowed to perform an action.
*
* @return string The error message.
*/
public static function get_user_permissions_error_msg() {
return self::$user_permissions_error_msg;
}
/**
* The endpoint tried to partially or fully reconnect the website to WP.com.
*
* @since 1.15.0
*
* @return \WP_REST_Response|WP_Error
*/
public function connection_reconnect() {
$response = array();
$next = null;
$result = $this->connection->restore();
if ( is_wp_error( $result ) ) {
$response = $result;
} elseif ( is_string( $result ) ) {
$next = $result;
} else {
$next = true === $result ? 'completed' : 'failed';
}
switch ( $next ) {
case 'authorize':
$response['status'] = 'in_progress';
$response['authorizeUrl'] = $this->connection->get_authorization_url();
break;
case 'completed':
$response['status'] = 'completed';
/**
* Action fired when reconnection has completed successfully.
*
* @since 1.18.1
*/
do_action( 'jetpack_reconnection_completed' );
break;
case 'failed':
$response = new WP_Error( 'Reconnect failed' );
break;
}
return rest_ensure_response( $response );
}
/**
* Verify that user is allowed to connect Jetpack.
*
* @since 1.26.0
*
* @return bool|WP_Error Whether user has the capability 'jetpack_connect'.
*/
public static function jetpack_register_permission_check() {
if ( current_user_can( 'jetpack_connect' ) ) {
return true;
}
return new WP_Error( 'invalid_user_permission_jetpack_connect', self::get_user_permissions_error_msg(), array( 'status' => rest_authorization_required_code() ) );
}
/**
* The endpoint tried to partially or fully reconnect the website to WP.com.
*
* @since 1.7.0
* @since-jetpack 7.7.0
*
* @param \WP_REST_Request $request The request sent to the WP REST API.
*
* @return \WP_REST_Response|WP_Error
*/
public function connection_register( $request ) {
if ( ! wp_verify_nonce( $request->get_param( 'registration_nonce' ), 'jetpack-registration-nonce' ) ) {
return new WP_Error( 'invalid_nonce', __( 'Unable to verify your request.', 'jetpack-connection' ), array( 'status' => 403 ) );
}
if ( isset( $request['from'] ) ) {
$this->connection->add_register_request_param( 'from', (string) $request['from'] );
}
if ( ! empty( $request['plugin_slug'] ) ) {
// If `plugin_slug` matches a plugin using the connection, let's inform the plugin that is establishing the connection.
$connected_plugin = Plugin_Storage::get_one( (string) $request['plugin_slug'] );
if ( ! is_wp_error( $connected_plugin ) && ! empty( $connected_plugin ) ) {
$this->connection->set_plugin_instance( new Plugin( (string) $request['plugin_slug'] ) );
}
}
$result = $this->connection->try_registration();
if ( is_wp_error( $result ) ) {
return $result;
}
$redirect_uri = $request->get_param( 'redirect_uri' ) ? admin_url( $request->get_param( 'redirect_uri' ) ) : null;
if ( class_exists( 'Jetpack' ) ) {
$authorize_url = \Jetpack::build_authorize_url( $redirect_uri );
} else {
$authorize_url = $this->connection->get_authorization_url( null, $redirect_uri );
}
/**
* Filters the response of jetpack/v4/connection/register endpoint
*
* @param array $response Array response
* @since 1.27.0
*/
$response_body = apply_filters(
'jetpack_register_site_rest_response',
array()
);
// We manipulate the alternate URLs after the filter is applied, so they can not be overwritten.
$response_body['authorizeUrl'] = $authorize_url;
if ( ! empty( $response_body['alternateAuthorizeUrl'] ) ) {
$response_body['alternateAuthorizeUrl'] = Redirect::get_url( $response_body['alternateAuthorizeUrl'] );
}
return rest_ensure_response( $response_body );
}
/**
* Get the authorization URL.
*
* @since 1.27.0
*
* @param \WP_REST_Request $request The request sent to the WP REST API.
*
* @return \WP_REST_Response|WP_Error
*/
public function connection_authorize_url( $request ) {
$redirect_uri = $request->get_param( 'redirect_uri' ) ? admin_url( $request->get_param( 'redirect_uri' ) ) : null;
$authorize_url = $this->connection->get_authorization_url( null, $redirect_uri );
return rest_ensure_response(
array(
'authorizeUrl' => $authorize_url,
)
);
}
/**
* The endpoint tried to partially or fully reconnect the website to WP.com.
*
* @since 1.29.0
*
* @param \WP_REST_Request $request The request sent to the WP REST API.
*
* @return \WP_REST_Response|WP_Error
*/
public static function update_user_token( $request ) {
$token_parts = explode( '.', $request['user_token'] );
if ( count( $token_parts ) !== 3 || ! (int) $token_parts[2] || ! ctype_digit( $token_parts[2] ) ) {
return new WP_Error( 'invalid_argument_user_token', esc_html__( 'Invalid user token is provided', 'jetpack-connection' ) );
}
$user_id = (int) $token_parts[2];
if ( false === get_userdata( $user_id ) ) {
return new WP_Error( 'invalid_argument_user_id', esc_html__( 'Invalid user id is provided', 'jetpack-connection' ) );
}
$connection = new Manager();
if ( ! $connection->is_connected() ) {
return new WP_Error( 'site_not_connected', esc_html__( 'Site is not connected', 'jetpack-connection' ) );
}
$is_connection_owner = isset( $request['is_connection_owner'] )
? (bool) $request['is_connection_owner']
: ( new Manager() )->get_connection_owner_id() === $user_id;
( new Tokens() )->update_user_token( $user_id, $request['user_token'], $is_connection_owner );
/**
* Fires when the user token gets successfully replaced.
*
* @since 1.29.0
*
* @param int $user_id User ID.
* @param string $token New user token.
*/
do_action( 'jetpack_updated_user_token', $user_id, $request['user_token'] );
return rest_ensure_response(
array(
'success' => true,
)
);
}
/**
* Disconnects Jetpack from the WordPress.com Servers
*
* @since 1.30.1
*
* @return bool|WP_Error True if Jetpack successfully disconnected.
*/
public static function disconnect_site() {
$connection = new Manager();
if ( $connection->is_connected() ) {
$connection->disconnect_site();
return rest_ensure_response( array( 'code' => 'success' ) );
}
return new WP_Error(
'disconnect_failed',
esc_html__( 'Failed to disconnect the site as it appears already disconnected.', 'jetpack-connection' ),
array( 'status' => 400 )
);
}
/**
* Verify that the API client is allowed to replace user token.
*
* @since 1.29.0
*
* @return bool|WP_Error.
*/
public static function update_user_token_permission_check() {
return Rest_Authentication::is_signed_with_blog_token()
? true
: new WP_Error( 'invalid_permission_update_user_token', self::get_user_permissions_error_msg(), array( 'status' => rest_authorization_required_code() ) );
}
/**
* Change the connection owner.
*
* @since 1.29.0
*
* @param WP_REST_Request $request The request sent to the WP REST API.
*
* @return \WP_REST_Response|WP_Error
*/
public static function set_connection_owner( $request ) {
$new_owner_id = $request['owner'];
$owner_set = ( new Manager() )->update_connection_owner( $new_owner_id );
if ( is_wp_error( $owner_set ) ) {
return $owner_set;
}
return rest_ensure_response(
array(
'code' => 'success',
)
);
}
/**
* Check that user has permission to change the master user.
*
* @since 1.7.0
* @since-jetpack 6.2.0
* @since-jetpack 7.7.0 Update so that any user with jetpack_disconnect privs can set owner.
*
* @return bool|WP_Error True if user is able to change master user.
*/
public static function set_connection_owner_permission_check() {
if ( current_user_can( 'jetpack_disconnect' ) ) {
return true;
}
return new WP_Error( 'invalid_user_permission_set_connection_owner', self::get_user_permissions_error_msg(), array( 'status' => rest_authorization_required_code() ) );
}
}

281
wp-content/upgrade-temp-backup/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/src/class-secrets.php
View File

@ -1,281 +0,0 @@
<?php
/**
* The Jetpack Connection Secrets class file.
*
* @package automattic/jetpack-connection
*/
namespace Automattic\Jetpack\Connection;
use Jetpack_Options;
use WP_Error;
/**
* The Jetpack Connection Secrets class that is used to manage secrets.
*/
class Secrets {
const SECRETS_MISSING = 'secrets_missing';
const SECRETS_EXPIRED = 'secrets_expired';
const LEGACY_SECRETS_OPTION_NAME = 'jetpack_secrets';
/**
* Deletes all connection secrets from the local Jetpack site.
*/
public function delete_all() {
Jetpack_Options::delete_raw_option( 'jetpack_secrets' );
}
/**
* Runs the wp_generate_password function with the required parameters. This is the
* default implementation of the secret callable, can be overridden using the
* jetpack_connection_secret_generator filter.
*
* @return String $secret value.
*/
private function secret_callable_method() {
$secret = wp_generate_password( 32, false );
// Some sites may hook into the random_password filter and make the password shorter, let's make sure our secret has the required length.
$attempts = 1;
$secret_length = strlen( $secret );
while ( $secret_length < 32 && $attempts < 32 ) {
++$attempts;
$secret .= wp_generate_password( 32, false );
$secret_length = strlen( $secret );
}
return (string) substr( $secret, 0, 32 );
}
/**
* Generates two secret tokens and the end of life timestamp for them.
*
* @param String $action The action name.
* @param Integer|bool $user_id The user identifier. Defaults to `false`.
* @param Integer $exp Expiration time in seconds.
*/
public function generate( $action, $user_id = false, $exp = 600 ) {
if ( false === $user_id ) {
$user_id = get_current_user_id();
}
$callable = apply_filters( 'jetpack_connection_secret_generator', array( static::class, 'secret_callable_method' ) );
$secrets = Jetpack_Options::get_raw_option(
self::LEGACY_SECRETS_OPTION_NAME,
array()
);
$secret_name = 'jetpack_' . $action . '_' . $user_id;
if (
isset( $secrets[ $secret_name ] ) &&
$secrets[ $secret_name ]['exp'] > time()
) {
return $secrets[ $secret_name ];
}
$secret_value = array(
'secret_1' => call_user_func( $callable ),
'secret_2' => call_user_func( $callable ),
'exp' => time() + $exp,
);
$secrets[ $secret_name ] = $secret_value;
$res = Jetpack_Options::update_raw_option( self::LEGACY_SECRETS_OPTION_NAME, $secrets );
return $res ? $secrets[ $secret_name ] : false;
}
/**
* Returns two secret tokens and the end of life timestamp for them.
*
* @param String $action The action name.
* @param Integer $user_id The user identifier.
* @return string|array an array of secrets or an error string.
*/
public function get( $action, $user_id ) {
$secret_name = 'jetpack_' . $action . '_' . $user_id;
$secrets = Jetpack_Options::get_raw_option(
self::LEGACY_SECRETS_OPTION_NAME,
array()
);
if ( ! isset( $secrets[ $secret_name ] ) ) {
return self::SECRETS_MISSING;
}
if ( $secrets[ $secret_name ]['exp'] < time() ) {
$this->delete( $action, $user_id );
return self::SECRETS_EXPIRED;
}
return $secrets[ $secret_name ];
}
/**
* Deletes secret tokens in case they, for example, have expired.
*
* @param String $action The action name.
* @param Integer $user_id The user identifier.
*/
public function delete( $action, $user_id ) {
$secret_name = 'jetpack_' . $action . '_' . $user_id;
$secrets = Jetpack_Options::get_raw_option(
self::LEGACY_SECRETS_OPTION_NAME,
array()
);
if ( isset( $secrets[ $secret_name ] ) ) {
unset( $secrets[ $secret_name ] );
Jetpack_Options::update_raw_option( self::LEGACY_SECRETS_OPTION_NAME, $secrets );
}
}
/**
* Verify a Previously Generated Secret.
*
* @param string $action The type of secret to verify.
* @param string $secret_1 The secret string to compare to what is stored.
* @param int $user_id The user ID of the owner of the secret.
* @return WP_Error|string WP_Error on failure, secret_2 on success.
*/
public function verify( $action, $secret_1, $user_id ) {
$allowed_actions = array( 'register', 'authorize', 'publicize' );
if ( ! in_array( $action, $allowed_actions, true ) ) {
return new WP_Error( 'unknown_verification_action', 'Unknown Verification Action', 400 );
}
$user = get_user_by( 'id', $user_id );
/**
* We've begun verifying the previously generated secret.
*
* @since 1.7.0
* @since-jetpack 7.5.0
*
* @param string $action The type of secret to verify.
* @param \WP_User $user The user object.
*/
do_action( 'jetpack_verify_secrets_begin', $action, $user );
$return_error = function ( WP_Error $error ) use ( $action, $user ) {
/**
* Verifying of the previously generated secret has failed.
*
* @since 1.7.0
* @since-jetpack 7.5.0
*
* @param string $action The type of secret to verify.
* @param \WP_User $user The user object.
* @param WP_Error $error The error object.
*/
do_action( 'jetpack_verify_secrets_fail', $action, $user, $error );
return $error;
};
$stored_secrets = $this->get( $action, $user_id );
$this->delete( $action, $user_id );
$error = null;
if ( empty( $secret_1 ) ) {
$error = $return_error(
new WP_Error(
'verify_secret_1_missing',
/* translators: "%s" is the name of a paramter. It can be either "secret_1" or "state". */
sprintf( __( 'The required "%s" parameter is missing.', 'jetpack-connection' ), 'secret_1' ),
400
)
);
} elseif ( ! is_string( $secret_1 ) ) {
$error = $return_error(
new WP_Error(
'verify_secret_1_malformed',
/* translators: "%s" is the name of a paramter. It can be either "secret_1" or "state". */
sprintf( __( 'The required "%s" parameter is malformed.', 'jetpack-connection' ), 'secret_1' ),
400
)
);
} elseif ( empty( $user_id ) ) {
// $user_id is passed around during registration as "state".
$error = $return_error(
new WP_Error(
'state_missing',
/* translators: "%s" is the name of a paramter. It can be either "secret_1" or "state". */
sprintf( __( 'The required "%s" parameter is missing.', 'jetpack-connection' ), 'state' ),
400
)
);
} elseif ( ! ctype_digit( (string) $user_id ) ) {
$error = $return_error(
new WP_Error(
'state_malformed',
/* translators: "%s" is the name of a paramter. It can be either "secret_1" or "state". */
sprintf( __( 'The required "%s" parameter is malformed.', 'jetpack-connection' ), 'state' ),
400
)
);
} elseif ( self::SECRETS_MISSING === $stored_secrets ) {
$error = $return_error(
new WP_Error(
'verify_secrets_missing',
__( 'Verification secrets not found', 'jetpack-connection' ),
400
)
);
} elseif ( self::SECRETS_EXPIRED === $stored_secrets ) {
$error = $return_error(
new WP_Error(
'verify_secrets_expired',
__( 'Verification took too long', 'jetpack-connection' ),
400
)
);
} elseif ( ! $stored_secrets ) {
$error = $return_error(
new WP_Error(
'verify_secrets_empty',
__( 'Verification secrets are empty', 'jetpack-connection' ),
400
)
);
} elseif ( is_wp_error( $stored_secrets ) ) {
$stored_secrets->add_data( 400 );
$error = $return_error( $stored_secrets );
} elseif ( empty( $stored_secrets['secret_1'] ) || empty( $stored_secrets['secret_2'] ) || empty( $stored_secrets['exp'] ) ) {
$error = $return_error(
new WP_Error(
'verify_secrets_incomplete',
__( 'Verification secrets are incomplete', 'jetpack-connection' ),
400
)
);
} elseif ( ! hash_equals( $secret_1, $stored_secrets['secret_1'] ) ) {
$error = $return_error(
new WP_Error(
'verify_secrets_mismatch',
__( 'Secret mismatch', 'jetpack-connection' ),
400
)
);
}
// Something went wrong during the checks, returning the error.
if ( ! empty( $error ) ) {
return $error;
}
/**
* We've succeeded at verifying the previously generated secret.
*
* @since 1.7.0
* @since-jetpack 7.5.0
*
* @param string $action The type of secret to verify.
* @param \WP_User $user The user object.
*/
do_action( 'jetpack_verify_secrets_success', $action, $user );
return $stored_secrets['secret_2'];
}
}

Some files were not shown because too many files have changed in this diff Show More