updated plugin Jetpack Protect version 2.2.0

2024-06-27 12:10:57 +00:00
parent ec9d8a5834
commit 938cef2946
218 changed files with 7469 additions and 1864 deletions
--- a/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/legacy/class-jetpack-ixr-client.php
+++ b/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/legacy/class-jetpack-ixr-client.php
@ -12,6 +12,13 @@
 use Automattic\Jetpack\Connection\Client;
 use Automattic\Jetpack\Connection\Manager;

+/**
+ * Disable direct access.
+ */
+if ( ! defined( 'ABSPATH' ) ) {
+	exit;
+}
+
 if ( ! class_exists( IXR_Client::class ) ) {
 	require_once ABSPATH . WPINC . '/class-IXR.php';
 }
@ -146,10 +153,10 @@ class Jetpack_IXR_Client extends IXR_Client {
 			$code    = $match[1];
 			$message = $match[2];
 			$status  = $fault_code;
-			return new \WP_Error( $code, $message, $status );
+			return new WP_Error( $code, $message, $status );
 		}

-		return new \WP_Error( "IXR_{$fault_code}", $fault_string );
+		return new WP_Error( "IXR_{$fault_code}", $fault_string );
 	}

 	/**
--- a/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/legacy/class-jetpack-signature.php
+++ b/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/legacy/class-jetpack-signature.php
@ -93,9 +93,9 @@ class Jetpack_Signature {
 			// Convert the $_POST to the body, if the body was empty. This is how arrays are hashed
 			// and encoded on the Jetpack side.
 			if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
-				// phpcs:ignore WordPress.Security.NonceVerification.Missing
+				// phpcs:ignore WordPress.Security.NonceVerification.Missing -- Used to generate a cryptographic signature of the post data. Not actually using any of it here.
 				if ( empty( $body ) && is_array( $_POST ) && $_POST !== array() ) {
-					$body = $_POST; // phpcs:ignore WordPress.Security.NonceVerification.Missing
+					$body = $_POST; // phpcs:ignore WordPress.Security.NonceVerification.Missing -- We need all of $_POST in order to generate a cryptographic signature of the post data.
 				}
 			}
 		} elseif ( isset( $_SERVER['REQUEST_METHOD'] ) && 'PUT' === strtoupper( $_SERVER['REQUEST_METHOD'] ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput -- This is validating.
--- a/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/legacy/class-jetpack-xmlrpc-server.php
+++ b/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/legacy/class-jetpack-xmlrpc-server.php
@ -440,8 +440,8 @@ class Jetpack_XMLRPC_Server {
 	 * Given an array containing a local user identifier and a nonce, will attempt to fetch and set
 	 * an access token for the given user.
 	 *
-	 * @param array       $request    An array containing local_user and nonce keys at minimum.
-	 * @param \IXR_Client $ixr_client The client object, optional.
+	 * @param array|ArrayAccess $request An array containing local_user and nonce keys at minimum.
+	 * @param \IXR_Client       $ixr_client The client object, optional.
 	 * @return mixed
 	 */
 	public function remote_connect( $request, $ixr_client = false ) {