updated plugin Jetpack Protect version 2.1.0

wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/src/class-client.php

@@ -88,6 +88,7 @@ class Client {
 			'blog_id'       => 0,
 			'auth_location' => Constants::get_constant( 'JETPACK_CLIENT__AUTH_LOCATION' ),
 			'method'        => 'POST',
+			'format'        => 'json',
 			'timeout'       => 10,
 			'redirection'   => 0,
 			'headers'       => array(),
@@ -151,11 +152,14 @@ class Client {
 			// Allow arrays to be used in passing data.
 			$body_to_hash = $body;
 
-			if ( is_array( $body ) ) {
+			if ( $args['format'] === 'jsonl' ) {
+				parse_str( $body, $body_to_hash );
+			}
+			if ( is_array( $body_to_hash ) ) {
 				// We cast this to a new variable, because the array form of $body needs to be
 				// maintained so it can be passed into the request later on in the code.
-				if ( array() !== $body ) {
-					$body_to_hash = wp_json_encode( self::_stringify_data( $body ) );
+				if ( array() !== $body_to_hash ) {
+					$body_to_hash = wp_json_encode( self::_stringify_data( $body_to_hash ) );
 				} else {
 					$body_to_hash = '';
 				}
@@ -164,7 +168,6 @@ class Client {
 			if ( ! is_string( $body_to_hash ) ) {
 				return new \WP_Error( 'invalid_body', 'Body is malformed.' );
 			}
-
 			$body_hash = base64_encode( sha1( $body_to_hash, true ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode
 		}
 
@@ -370,6 +373,7 @@ class Client {
 			array(
 				'headers'     => 'array',
 				'method'      => 'string',
+				'format'      => 'string',
 				'timeout'     => 'int',
 				'redirection' => 'int',
 				'stream'      => 'boolean',

wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/src/class-manager.php

@@ -239,6 +239,8 @@ class Manager {
 	 * from /xmlrpc.php so that we're replicating it as closely as possible.
 	 *
 	 * @todo Tighten $wp_xmlrpc_server_class a bit to make sure it doesn't do bad things.
+	 *
+	 * @return never
 	 */
 	public function alternate_xmlrpc() {
 		// Some browser-embedded clients send cookies. We don't want them.

wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/src/class-package-version-tracker.php

@@ -30,11 +30,31 @@ class Package_Version_Tracker {
 	 */
 	const CACHED_FAILED_REQUEST_EXPIRATION = 1 * HOUR_IN_SECONDS;
 
+	/**
+	 * Transient key for rate limiting the package version requests;
+	 */
+	const RATE_LIMITER_KEY = 'jetpack_update_remote_package_last_query';
+
+	/**
+	 * Only allow one versions check (and request) per minute.
+	 */
+	const RATE_LIMITER_TIMEOUT = MINUTE_IN_SECONDS;
+
 	/**
 	 * Uses the jetpack_package_versions filter to obtain the package versions from packages that need
 	 * version tracking. If the package versions have changed, updates the option and notifies WPCOM.
 	 */
 	public function maybe_update_package_versions() {
+		// Do not run too early or all the modules may not be loaded.
+		if ( ! did_action( 'init' ) ) {
+			return;
+		}
+
+		// The version check is being rate limited.
+		if ( $this->is_rate_limiting() ) {
+			return;
+		}
+
 		/**
 		 * Obtains the package versions.
 		 *
@@ -65,13 +85,43 @@ class Package_Version_Tracker {
 	}
 
 	/**
-	 * Updates the package versions:
+	 * Updates the package versions option.
+	 *
+	 * @param array $package_versions The package versions.
+	 */
+	protected function update_package_versions_option( $package_versions ) {
+		if ( ! $this->is_sync_enabled() ) {
+			$this->update_package_versions_via_remote_request( $package_versions );
+			return;
+		}
+
+		update_option( self::PACKAGE_VERSION_OPTION, $package_versions );
+	}
+
+	/**
+	 * Whether Jetpack Sync is enabled.
+	 *
+	 * @return boolean true if Sync is present and enabled, false otherwise
+	 */
+	protected function is_sync_enabled() {
+		if ( class_exists( 'Automattic\Jetpack\Sync\Settings' ) && \Automattic\Jetpack\Sync\Settings::is_sync_enabled() ) {
+
+			return true;
+		}
+
+		return false;
+	}
+
+	/**
+	 * Fallback for updating the package versions via a remote request when Sync is not present.
+	 *
+	 * Updates the package versions as follows:
 	 *   - Sends the updated package versions to wpcom.
 	 *   - Updates the 'jetpack_package_versions' option.
 	 *
 	 * @param array $package_versions The package versions.
 	 */
-	protected function update_package_versions_option( $package_versions ) {
+	protected function update_package_versions_via_remote_request( $package_versions ) {
 		$connection = new Manager();
 		if ( ! $connection->is_connected() ) {
 			return;
@@ -108,4 +158,19 @@ class Package_Version_Tracker {
 			set_transient( self::CACHED_FAILED_REQUEST_KEY, time(), self::CACHED_FAILED_REQUEST_EXPIRATION );
 		}
 	}
+
+	/**
+	 * Check if version check is being rate limited, and update the rate limiting transient if needed.
+	 *
+	 * @return bool
+	 */
+	private function is_rate_limiting() {
+		if ( get_transient( static::RATE_LIMITER_KEY ) ) {
+			return true;
+		}
+
+		set_transient( static::RATE_LIMITER_KEY, time(), static::RATE_LIMITER_TIMEOUT );
+
+		return false;
+	}
 }

wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/src/class-package-version.php

@@ -12,7 +12,7 @@ namespace Automattic\Jetpack\Connection;
  */
 class Package_Version {
 
-	const PACKAGE_VERSION = '2.2.0';
+	const PACKAGE_VERSION = '2.5.0';
 
 	const PACKAGE_SLUG = 'connection';
 

wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/src/class-rest-connector.php

@@ -84,6 +84,27 @@ class REST_Connector {
 			)
 		);
 
+		// Authorize a remote user.
+		register_rest_route(
+			'jetpack/v4',
+			'/remote_provision',
+			array(
+				'methods'             => WP_REST_Server::EDITABLE,
+				'callback'            => array( $this, 'remote_provision' ),
+				'permission_callback' => array( $this, 'remote_provision_permission_check' ),
+			)
+		);
+
+		register_rest_route(
+			'jetpack/v4',
+			'/remote_register',
+			array(
+				'methods'             => WP_REST_Server::EDITABLE,
+				'callback'            => array( $this, 'remote_register' ),
+				'permission_callback' => array( $this, 'remote_register_permission_check' ),
+			)
+		);
+
 		// Get current connection status of Jetpack.
 		register_rest_route(
 			'jetpack/v4',
@@ -287,6 +308,72 @@ class REST_Connector {
 		return $result;
 	}
 
+	/**
+	 * Initiate the site provisioning process.
+	 *
+	 * @since 2.5.0
+	 *
+	 * @param WP_REST_Request $request The request sent to the WP REST API.
+	 *
+	 * @return WP_Error|array
+	 */
+	public static function remote_provision( WP_REST_Request $request ) {
+		$xmlrpc_server = new Jetpack_XMLRPC_Server();
+		$result        = $xmlrpc_server->remote_provision( $request );
+
+		if ( is_a( $result, 'IXR_Error' ) ) {
+			$result = new WP_Error( $result->code, $result->message );
+		}
+
+		return $result;
+	}
+
+	/**
+	 * Register the site so that a plan can be provisioned.
+	 *
+	 * @since 2.5.0
+	 *
+	 * @param WP_REST_Request $request The request object.
+	 *
+	 * @return WP_Error|array
+	 */
+	public function remote_register( WP_REST_Request $request ) {
+		$xmlrpc_server = new Jetpack_XMLRPC_Server();
+		$result        = $xmlrpc_server->remote_register( $request );
+
+		if ( is_a( $result, 'IXR_Error' ) ) {
+			$result = new WP_Error( $result->code, $result->message );
+		}
+
+		return $result;
+	}
+
+	/**
+	 * Remote provision endpoint permission check.
+	 *
+	 * @return true|WP_Error
+	 */
+	public function remote_provision_permission_check() {
+		return Rest_Authentication::is_signed_with_blog_token()
+			? true
+			: new WP_Error( 'invalid_permission_remote_provision', self::get_user_permissions_error_msg(), array( 'status' => rest_authorization_required_code() ) );
+	}
+
+	/**
+	 * Remote register endpoint permission check.
+	 *
+	 * @return true|WP_Error
+	 */
+	public function remote_register_permission_check() {
+		if ( $this->connection->has_connected_owner() ) {
+			return Rest_Authentication::is_signed_with_blog_token()
+				? true
+				: new WP_Error( 'already_registered', __( 'Blog is already registered', 'jetpack-connection' ), 400 );
+		}
+
+		return true;
+	}
+
 	/**
 	 * Get connection status for this Jetpack site.
 	 *

wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/src/class-webhooks.php

@@ -86,11 +86,11 @@ class Webhooks {
 			case 'authorize':
 				$this->handle_authorize();
 				$this->do_exit();
-				break;
+				break; // @phan-suppress-current-line PhanPluginUnreachableCode -- Safer to include it even though do_exit never returns.
 			case 'authorize_redirect':
 				$this->handle_authorize_redirect();
 				$this->do_exit();
-				break;
+				break; // @phan-suppress-current-line PhanPluginUnreachableCode -- Safer to include it even though do_exit never returns.
 			// Class Jetpack::admin_page_load() still handles other cases.
 		}
 	}
@@ -159,6 +159,8 @@ class Webhooks {
 
 	/**
 	 * The `exit` is wrapped into a method so we could mock it.
+	 *
+	 * @return never
 	 */
 	protected function do_exit() {
 		exit;

wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/src/webhooks/class-authorize-redirect.php

@@ -18,6 +18,12 @@ use Jetpack_Network;
  * Authorize_Redirect Webhook handler class.
  */
 class Authorize_Redirect {
+	/**
+	 * The Connection Manager object.
+	 *
+	 * @var Manager
+	 */
+	private $connection;
 
 	/**
 	 * Constructs the object
@@ -32,6 +38,8 @@ class Authorize_Redirect {
 	 * Handle the webhook
 	 *
 	 * This method implements what's in Jetpack::admin_page_load when the Jetpack plugin is not present
+	 *
+	 * @return never
 	 */
 	public function handle() {