updated plugin Jetpack Protect version 2.0.0

wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-status/CHANGELOG.md

@@ -5,6 +5,27 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.1.0] - 2024-01-18
+### Added
+- Add hosting provider check. [#34864]
+
+## [2.0.2] - 2023-12-03
+### Fixed
+- Module active checks should always be true on WordPress.com simple sites. [#34248]
+
+## [2.0.1] - 2023-11-21
+### Changed
+- Added a note of non-usage of PHP8+ functions yet. [#34137]
+- Replaced usage of substr() with str_starts_with() and str_ends_with(). [#34207]
+
+## [2.0.0] - 2023-11-20
+### Changed
+- Updated required PHP version to >= 7.0. [#34192]
+
+## [1.19.0] - 2023-11-13
+### Added
+- Added Host::get_source_query() to return the 'source' query param from the current URL. [#33984]
+
 ## [1.18.5] - 2023-09-25
 ### Changed
 - Add 127.0.0.1 into the list of known local domains. [#32898]
@@ -285,6 +306,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Packages: Introduce a status package
 
+[2.1.0]: https://github.com/Automattic/jetpack-status/compare/v2.0.2...v2.1.0
+[2.0.2]: https://github.com/Automattic/jetpack-status/compare/v2.0.1...v2.0.2
+[2.0.1]: https://github.com/Automattic/jetpack-status/compare/v2.0.0...v2.0.1
+[2.0.0]: https://github.com/Automattic/jetpack-status/compare/v1.19.0...v2.0.0
+[1.19.0]: https://github.com/Automattic/jetpack-status/compare/v1.18.5...v1.19.0
 [1.18.5]: https://github.com/Automattic/jetpack-status/compare/v1.18.4...v1.18.5
 [1.18.4]: https://github.com/Automattic/jetpack-status/compare/v1.18.3...v1.18.4
 [1.18.3]: https://github.com/Automattic/jetpack-status/compare/v1.18.2...v1.18.3

wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-status/SECURITY.md

@@ -4,11 +4,20 @@ Full details of the Automattic Security Policy can be found on [automattic.com](
 
 ## Supported Versions
 
-Generally, only the latest version of Jetpack has continued support. If a critical vulnerability is found in the current version of Jetpack, we may opt to backport any patches to previous versions. 
+Generally, only the latest version of Jetpack and its associated plugins have continued support. If a critical vulnerability is found in the current version of a plugin, we may opt to backport any patches to previous versions. 
 
 ## Reporting a Vulnerability
 
-[Jetpack](https://jetpack.com/) is an open-source plugin for WordPress. Our HackerOne program covers the plugin software, as well as a variety of related projects and infrastructure.
+Our HackerOne program covers the below plugin software, as well as a variety of related projects and infrastructure:
+
+* [Jetpack](https://jetpack.com/)
+* Jetpack Backup
+* Jetpack Boost
+* Jetpack CRM
+* Jetpack Protect
+* Jetpack Search
+* Jetpack Social
+* Jetpack VideoPress
 
 **For responsible disclosure of security issues and to be eligible for our bug bounty program, please submit your report via the [HackerOne](https://hackerone.com/automattic) portal.**
 

wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-status/composer.json

@@ -4,13 +4,14 @@
 	"type": "jetpack-library",
 	"license": "GPL-2.0-or-later",
 	"require": {
-		"automattic/jetpack-constants": "^1.6.23"
+		"php": ">=7.0",
+		"automattic/jetpack-constants": "^2.0.0"
 	},
 	"require-dev": {
 		"brain/monkey": "2.6.1",
 		"yoast/phpunit-polyfills": "1.1.0",
-		"automattic/jetpack-changelogger": "^3.3.10",
-		"automattic/jetpack-ip": "^0.1.6"
+		"automattic/jetpack-changelogger": "^4.0.5",
+		"automattic/jetpack-ip": "^0.2.1"
 	},
 	"suggest": {
 		"automattic/jetpack-autoloader": "Allow for better interoperability with other plugins that use this package."
@@ -37,7 +38,7 @@
 			"link-template": "https://github.com/Automattic/jetpack-status/compare/v${old}...v${new}"
 		},
 		"branch-alias": {
-			"dev-trunk": "1.18.x-dev"
+			"dev-trunk": "2.1.x-dev"
 		}
 	}
 }

wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-status/src/class-files.php

@@ -34,7 +34,7 @@ class Files {
 
 		// phpcs:ignore Generic.CodeAnalysis.AssignmentInCondition.FoundInWhileCondition
 		while ( false !== $file = readdir( $dir ) ) {
-			if ( '.' === substr( $file, 0, 1 ) || '.php' !== substr( $file, -4 ) ) {
+			if ( str_starts_with( $file, '.' ) || ! str_ends_with( $file, '.php' ) ) {
 				continue;
 			}
 

wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-status/src/class-host.php

@@ -119,4 +119,158 @@ class Host {
 
 		return '';
 	}
+
+	/**
+	 * Return source query param value from the URL if exists in the allowed sources list.
+	 *
+	 * @return string "source" query param value
+	 */
+	public function get_source_query() {
+		// phpcs:disable WordPress.Security.NonceVerification.Recommended
+		$allowed_sources = array( 'jetpack-manage' );
+		if ( isset( $_GET['source'] ) && in_array( $_GET['source'], $allowed_sources, true ) ) {
+			return sanitize_key( $_GET['source'] );
+		}
+
+		return '';
+	}
+
+	/**
+	 * Returns an array of nameservers for the current site.
+	 *
+	 * @param string $domain The domain of the site to check.
+	 * @return string
+	 */
+	public function get_nameserver_dns_records( $domain ) {
+		$dns_records = dns_get_record( $domain, DNS_NS ); // Fetches the DNS records of type NS (Name Server)
+		$nameservers = array();
+
+		foreach ( $dns_records as $record ) {
+			if ( isset( $record['target'] ) ) {
+				$nameservers[] = $record['target']; // Adds the nameserver to the array
+			}
+		}
+
+		return $nameservers; // Returns an array of nameserver names
+	}
+
+	/**
+	 * Given a DNS entry, will return a hosting provider if one can be determined. Otherwise, will return 'unknown'.
+	 * Sourced from: fbhepr%2Skers%2Sjcpbz%2Sjc%2Qpbagrag%2Syvo%2Subfgvat%2Qcebivqre%2Sanzrfreiref.cuc-og
+	 *
+	 * @param string $domain The domain of the site to check.
+	 * @return string The hosting provider of 'unknown'.
+	 */
+	public function get_hosting_provider_by_nameserver( $domain ) {
+		$known_nameservers = array(
+			'bluehost'     => array(
+				'.bluehost.com',
+			),
+			'dreamhost'    => array(
+				'.dreamhost.com',
+			),
+			'mediatemple'  => array(
+				'.mediatemple.net',
+			),
+			'xserver'      => array(
+				'.xserver.jp',
+			),
+			'namecheap'    => array(
+				'.namecheaphosting.com',
+			),
+			'hostmonster'  => array(
+				'.hostmonster.com',
+			),
+			'justhost'     => array(
+				'.justhost.com',
+			),
+			'digitalocean' => array(
+				'.digitalocean.com',
+			),
+			'one'          => array(
+				'.one.com',
+			),
+			'hostpapa'     => array(
+				'.hostpapa.com',
+			),
+			'siteground'   => array(
+				'.sgcloud.net',
+				'.sgedu.site',
+				'.sgsrv1.com',
+				'.sgvps.net',
+				'.siteground.biz',
+				'.siteground.net',
+				'.siteground.eu',
+			),
+			'inmotion'     => array(
+				'.inmotionhosting.com',
+			),
+			'ionos'        => array(
+				'.ui-dns.org',
+				'.ui-dns.de',
+				'.ui-dns.biz',
+				'.ui-dns.com',
+			),
+		);
+
+		$dns_records = $this->get_nameserver_dns_records( $domain );
+		$dns_records = array_map( 'strtolower', $dns_records );
+
+		foreach ( $known_nameservers as $host => $ns_patterns ) {
+			foreach ( $ns_patterns as $ns_pattern ) {
+				foreach ( $dns_records as $record ) {
+					if ( false !== strpos( $record, $ns_pattern ) ) {
+						return $host;
+					}
+				}
+			}
+		}
+
+		return 'unknown';
+	}
+
+	/**
+	 * Returns a guess of the hosting provider for the current site based on various checks.
+	 *
+	 * @return string
+	 */
+	public function get_known_host_guess() {
+		$host = Cache::get( 'host_guess' );
+
+		if ( null !== $host ) {
+			return $host;
+		}
+
+		// First, let's check if we can recognize provider manually:
+		switch ( true ) {
+			case $this->is_woa_site():
+				$provider = 'woa';
+				break;
+			case $this->is_atomic_platform():
+				$provider = 'atomic';
+				break;
+			case $this->is_newspack_site():
+				$provider = 'newspack';
+				break;
+			case $this->is_vip_site():
+				$provider = 'vip';
+				break;
+			case $this->is_wpcom_simple():
+			case $this->is_wpcom_platform():
+				$provider = 'wpcom';
+				break;
+			default:
+				$provider = 'unknown';
+				break;
+		}
+
+		// Second, let's check if we can recognize provider by nameservers:
+		$domain = isset( $_SERVER['SERVER_NAME'] ) ? sanitize_text_field( wp_unslash( $_SERVER['SERVER_NAME'] ) ) : '';
+		if ( $provider === 'unknown' && ! empty( $domain ) ) {
+			$provider = $this->get_hosting_provider_by_nameserver( $domain );
+		}
+
+		Cache::set( 'host_guess', $provider );
+		return $provider;
+	}
 }

wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-status/src/class-modules.php

@@ -25,6 +25,10 @@ class Modules {
 	 * @return bool
 	 */
 	public function is_active( $module ) {
+		if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
+			return true;
+		}
+
 		return in_array( $module, self::get_active(), true );
 	}
 
@@ -162,7 +166,7 @@ class Modules {
 		}
 
 		$key           = md5( $file_name . maybe_serialize( $headers ) );
-		$refresh_cache = is_admin() && isset( $_GET['page'] ) && 'jetpack' === substr( $_GET['page'], 0, 7 ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput
+		$refresh_cache = is_admin() && isset( $_GET['page'] ) && str_starts_with( $_GET['page'], 'jetpack' ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput
 
 		// If we don't need to refresh the cache, and already have the value, short-circuit!
 		if ( ! $refresh_cache && isset( $file_data_option[ $key ] ) ) {

wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-status/src/class-status.php

@@ -167,6 +167,7 @@ class Status {
 		$site_url = site_url();
 
 		// Check for localhost and sites using an IP only first.
+		// Note: str_contains() is not used here, as wp-includes/compat.php is not loaded in this file.
 		$is_local = $site_url && false === strpos( $site_url, '.' );
 
 		// Use Core's environment check, if available.