installed plugin W3 Total Cache version 2.3.2

2023-06-05 11:23:16 +00:00
parent d9b3c97e40
commit 51ea2ff21c
2730 changed files with 334913 additions and 0 deletions
--- a/wp-content/plugins/w3-total-cache/lib/SNS/services/MessageValidator/Message.php
+++ b/wp-content/plugins/w3-total-cache/lib/SNS/services/MessageValidator/Message.php
@ -0,0 +1,140 @@
+<?php
+/**
+ * Copyright 2010-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ * http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+class Message
+{
+    protected static $requiredKeys = array(
+        '__default' => array(
+            'Message',
+            'MessageId',
+            'Timestamp',
+            'TopicArn',
+            'Type',
+            'Signature',
+            'SigningCertURL',
+        ),
+        'SubscriptionConfirmation' => array(
+            'SubscribeURL',
+            'Token'
+        ),
+        'UnsubscribeConfirmation' => array(
+            'SubscribeURL',
+            'Token'
+        ),
+    );
+
+    protected static $signableKeys = array(
+        'Message',
+        'MessageId',
+        'Subject',
+        'SubscribeURL',
+        'Timestamp',
+        'Token',
+        'TopicArn',
+        'Type',
+    );
+
+    /**
+     * @var array The message data
+     */
+    protected $data;
+
+    /**
+     * Creates a Message object from an array of raw message data
+     *
+     * @param array $data The message data
+     *
+     * @return Message
+     * @throws InvalidArgumentException If a valid type is not provided or there are other required keys missing
+     */
+    public static function fromArray($data) {
+        // Make sure the type key is set
+        if (!isset($data['Type'])) {
+            throw new InvalidArgumentException('The "Type" key must be provided to instantiate a Message object.');
+        }
+
+        // Determine required keys and create a collection from the message data
+        $requiredKeys = array_merge(
+            self::$requiredKeys['__default'],
+            isset(self::$requiredKeys[$data['Type']]) ? self::$requiredKeys[$data['Type']] : array()
+        );
+        $data = array_merge($requiredKeys, $data);
+
+        return new self($data);
+    }
+
+    /**
+     * Creates a message object from the raw POST data
+     *
+     * @return Message
+     * @throws UnexpectedValueException If the POST data is absent, or not a valid JSON document
+     */
+    public static function fromRawPostData() {
+        $data = json_decode(file_get_contents('php://input'), true);
+        if (!is_array($data)) {
+            throw new UnexpectedValueException('POST data absent, or not a valid JSON document', json_last_error());
+        }
+        return self::fromArray($data);
+    }
+
+    /**
+     * @param array $data A Collection of message data with all required keys
+     */
+    public function __construct($data) {
+        $this->data = $data;
+    }
+
+    /**
+     * Get the entire message data as a Collection
+     *
+     * @return array
+     */
+    public function getData() {
+        return $this->data;
+    }
+
+    /**
+     * Gets a single key from the message data
+     *
+     * @param string $key
+     * @return string
+     */
+    public function get($key) {
+        return $this->data[$key];
+    }
+
+    /**
+     * Builds a newline delimited string to sign according to the specs
+     *
+     * @return string
+     * @link http://docs.aws.amazon.com/sns/latest/gsg/SendMessageToHttp.verify.signature.html
+     */
+    public function getStringToSign() {
+        $stringToSign = '';
+
+        $data = $this->data;
+        ksort($data);
+        $has = array();
+        foreach ($data as $key => $value) {
+            if (in_array($key, self::$signableKeys) && !in_array($key, $has)) {
+                $stringToSign .= "{$key}\n{$value}\n";
+                $has[] = $key;
+            }
+        }
+
+        return $stringToSign;
+    }
+}
--- a/wp-content/plugins/w3-total-cache/lib/SNS/services/MessageValidator/MessageValidator.php
+++ b/wp-content/plugins/w3-total-cache/lib/SNS/services/MessageValidator/MessageValidator.php
@ -0,0 +1,111 @@
+<?php
+/**
+ * Copyright 2010-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ * http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+require_once(W3TC_LIB_DIR . '/SNS/services/MessageValidator/sns-exceptions.php');
+
+/**
+ * This class uses openssl to verify SNS messages to ensure that they were sent by AWS.
+ */
+class MessageValidator {
+
+	private $hostPattern
+		= '/^sns\.[a-zA-Z0-9\-]{3,}\.amazonaws\.com(\.cn)?$/';
+
+	/**
+	 * Constructs the Message Validator object and ensures that openssl is installed
+	 *
+	 * @throws Exception If openssl is not installed
+	 */
+	public function __construct()
+	{
+		if (!extension_loaded('openssl')) {
+			throw new Exception('The openssl extension is required to use the SNS Message '
+				. 'Validator. Please install this extension in order to use this feature.');
+		}
+	}
+
+	/**
+	 * Validates a message from SNS to ensure that it was delivered by AWS
+	 *
+	 * @param Message $message The message to validate
+	 *
+	 * @throws CannotGetPublicKeyFromCertificateException If the certificate cannot be retrieved
+	 * @throws CertificateFromUnrecognizedSourceException If the certificate's source cannot be verified
+	 * @throws InvalidMessageSignatureException           If the message's signature is invalid
+	 */
+	public function validate($message) {
+		// Get the cert's URL and ensure it is from AWS
+		$certUrl = $message->get('SigningCertURL');
+		$this->validateUrl($certUrl);
+
+		// Get the cert itself and extract the public key
+		$response = wp_remote_get($certUrl);
+		if (is_wp_error($response))
+			throw new CannotGetPublicKeyFromCertificateException('Could not retrieve certificate from ' . $certUrl);
+
+		$certificate = wp_remote_retrieve_body($response);
+		$publicKey = openssl_get_publickey($certificate);
+		if (!$publicKey) {
+			throw new CannotGetPublicKeyFromCertificateException('Could not extract public key from ' . $certUrl);
+		}
+
+		// Verify the signature of the message
+		$stringToSign = $message->getStringToSign();
+		$incomingSignature = base64_decode($message->get('Signature'));
+		if (0 !== openssl_verify($stringToSign, $incomingSignature, $publicKey, OPENSSL_ALGO_SHA1)) {
+			throw new InvalidMessageSignatureException('The message did not match the signature ' . "\n" . $stringToSign);
+		}
+	}
+
+	/**
+	 * Ensures that the URL of the certificate is one belonging to AWS, and not
+	 * just something from the amazonaws domain, which could include S3 buckets.
+	 *
+	 * @param string $url Certificate URL
+	 *
+	 * @throws InvalidSnsMessageException if the cert url is invalid.
+	 */
+	private function validateUrl($url)
+	{
+		$parsed = parse_url($url);
+		if (empty($parsed['scheme'])
+			|| empty($parsed['host'])
+			|| $parsed['scheme'] !== 'https'
+			|| substr($url, -4) !== '.pem'
+			|| !preg_match($this->hostPattern, $parsed['host'])
+		) {
+			throw new InvalidSnsMessageException(
+				'The certificate is located on an invalid domain.'
+			);
+		}
+	}
+	/**
+	 * Determines if a message is valid and that is was delivered by AWS. This method does not throw exceptions and
+	 * returns a simple boolean value.
+	 *
+	 * @param Message $message The message to validate
+	 * @return bool
+	 */
+	public function isValid($message)
+	{
+		try {
+			$this->validate($message);
+			return true;
+		} catch (SnsMessageValidatorException $e) {
+			$error = $e->getMessage();
+			return false;
+		}
+	}
+}
--- a/wp-content/plugins/w3-total-cache/lib/SNS/services/MessageValidator/sns-exceptions.php
+++ b/wp-content/plugins/w3-total-cache/lib/SNS/services/MessageValidator/sns-exceptions.php
@ -0,0 +1,37 @@
+<?php
+/**
+ * Copyright 2010-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ * http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+/**
+ * Generic exception thrown by the SNS Message Validator.
+ */
+class SnsMessageValidatorException extends RuntimeException {}
+
+
+/**
+ * Indicates that certificate was from an unrecognized source.
+ */
+class CertificateFromUnrecognizedSourceException extends SnsMessageValidatorException {}
+
+/**
+ * Indicates that the public key can't be extracted from the the certificate.
+ */
+class CannotGetPublicKeyFromCertificateException extends SnsMessageValidatorException {}
+
+
+/**
+ * Indicates that the signature for SNS message was invalid.
+ */
+class InvalidMessageSignatureException extends SnsMessageValidatorException {}