updated plugin Jetpack Protect
version 2.2.0
@ -25,7 +25,7 @@ class Cache {
|
||||
*
|
||||
* @param string $key Key to fetch.
|
||||
* @param mixed $default Default value to return if the key is not set.
|
||||
* @returns mixed Data.
|
||||
* @return mixed Data.
|
||||
*/
|
||||
public static function get( $key, $default = null ) {
|
||||
$blog_id = get_current_blog_id();
|
||||
|
@ -14,16 +14,20 @@ namespace Automattic\Jetpack;
|
||||
|
||||
/**
|
||||
* Erros class.
|
||||
*
|
||||
* @deprecated since 3.2.0
|
||||
*/
|
||||
class Errors {
|
||||
/**
|
||||
* Catches PHP errors. Must be used in conjunction with output buffering.
|
||||
*
|
||||
* @deprecated since 3.2.0
|
||||
* @param bool $catch True to start catching, False to stop.
|
||||
*
|
||||
* @static
|
||||
*/
|
||||
public function catch_errors( $catch ) {
|
||||
_deprecated_function( __METHOD__, '3.2.0' );
|
||||
static $display_errors, $error_reporting;
|
||||
|
||||
if ( $catch ) {
|
||||
|
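Review bot: The two added `@deprecated since 3.2.0` tags and the `_deprecated_function( __METHOD__, '3.2.0' )` call tell callers that `Errors::catch_errors()` is going away but not what to do instead. If there is no replacement, the tag should say so, e.g. `@deprecated since 3.2.0 No replacement.`; otherwise the replacement belongs in the tag and in the third argument of `_deprecated_function()`. The method docblock also still carries `@static` although `catch_errors()` is declared as an instance method, which is worth correcting while the block is being touched. The method body continues past the end of this hunk.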
@ -34,7 +34,7 @@ class Host {
|
||||
*
|
||||
* @since 1.9.0
|
||||
*
|
||||
* @return bool;
|
||||
* @return bool
|
||||
*/
|
||||
public function is_atomic_platform() {
|
||||
return Constants::is_true( 'ATOMIC_SITE_ID' ) && Constants::is_true( 'ATOMIC_CLIENT_ID' );
|
||||
@ -127,7 +127,7 @@ class Host {
|
||||
*/
|
||||
public function get_source_query() {
|
||||
// phpcs:disable WordPress.Security.NonceVerification.Recommended
|
||||
$allowed_sources = array( 'jetpack-manage' );
|
||||
$allowed_sources = array( 'jetpack-manage', 'a8c-for-agencies' );
|
||||
if ( isset( $_GET['source'] ) && in_array( $_GET['source'], $allowed_sources, true ) ) {
|
||||
return sanitize_key( $_GET['source'] );
|
||||
}
|
||||
@ -276,4 +276,20 @@ class Host {
|
||||
Cache::set( 'host_guess', $provider );
|
||||
return $provider;
|
||||
}
|
||||
|
||||
/**
|
||||
* Add public-api.wordpress.com to the safe redirect allowed list - only added when someone allows API access.
|
||||
*
|
||||
* @since 3.0.2 Ported from Jetpack to the Status package.
|
||||
*
|
||||
* To be used with a filter of allowed domains for a redirect.
|
||||
*
|
||||
* @param array $domains Allowed WP.com Environments.
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public static function allow_wpcom_public_api_domain( $domains ) {
|
||||
$domains[] = 'public-api.wordpress.com';
|
||||
return $domains;
|
||||
}
|
||||
}
|
||||
|
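Review bot: `allow_wpcom_public_api_domain()` appends `public-api.wordpress.com` unconditionally, so the docblock's "only added when someone allows API access" is a condition enforced by whoever registers the callback, not by the method itself. The docblock should state that contract explicitly, for example `* The method performs no check of its own; hook it only for the request that performs the API-access redirect and remove it afterwards.` Because the method is public and static, any code that can register a filter can use it to widen the safe-redirect allowlist, so the registration sites (not visible on this page) should be reviewed together with this hunk. Wrapping the append in `if ( ! in_array( 'public-api.wordpress.com', $domains, true ) )` would also keep repeated registrations from adding duplicate entries.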
@ -166,7 +166,7 @@ class Modules {
|
||||
}
|
||||
|
||||
$key = md5( $file_name . maybe_serialize( $headers ) );
|
||||
$refresh_cache = is_admin() && isset( $_GET['page'] ) && str_starts_with( $_GET['page'], 'jetpack' ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput
|
||||
$refresh_cache = is_admin() && isset( $_GET['page'] ) && is_string( $_GET['page'] ) && str_starts_with( $_GET['page'], 'jetpack' ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput
|
||||
|
||||
// If we don't need to refresh the cache, and already have the value, short-circuit!
|
||||
if ( ! $refresh_cache && isset( $file_data_option[ $key ] ) ) {
|
||||
@ -454,10 +454,8 @@ class Modules {
|
||||
}
|
||||
|
||||
// Check the file for fatal errors, a la wp-admin/plugins.php::activate.
|
||||
$errors = new Errors();
|
||||
$state->state( 'module', $module );
|
||||
$state->state( 'error', 'module_activation_failed' ); // we'll override this later if the plugin can be included without fatal error.
|
||||
$errors->catch_errors( true );
|
||||
|
||||
ob_start();
|
||||
$module_path = $this->get_path( $module );
|
||||
@ -470,7 +468,6 @@ class Modules {
|
||||
|
||||
$state->state( 'error', false ); // the override.
|
||||
ob_end_clean();
|
||||
$errors->catch_errors( false );
|
||||
} else { // Not a Jetpack plugin.
|
||||
$active[] = $module;
|
||||
$this->update_active( $active );
|
||||
@ -534,7 +531,7 @@ class Modules {
|
||||
*
|
||||
* @param array $modules Array of active modules to be saved in options.
|
||||
*
|
||||
* @return $success bool true for success, false for failure.
|
||||
* @return bool $success true for success, false for failure.
|
||||
*/
|
||||
public function update_active( $modules ) {
|
||||
$current_modules = \Jetpack_Options::get_option( 'active_modules', array() );
|
||||
|
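Review bot: The `// phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput` on the `$refresh_cache` line silences two security sniffs without recording why reading `$_GET['page']` raw is acceptable there. A short comment above the line would make the reasoning reviewable, e.g. `// $_GET['page'] is only type-checked and prefix-compared to decide on a cache refresh; it is never stored or output.` That statement holds for the lines visible in this hunk, but the enclosing function starts and ends outside it, so the rest of the body should be checked before the comment is added. `is_admin()` describes the request context and is not a capability check, which is fine only as long as `$refresh_cache` does nothing more than force a re-read.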
@ -25,4 +25,57 @@ class Paths {
|
||||
$url = add_query_arg( $args, admin_url( 'admin.php' ) );
|
||||
return $url;
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine if the current request is activating a plugin from the plugins page.
|
||||
*
|
||||
* @param string $plugin Plugin file path to check.
|
||||
* @return bool
|
||||
*/
|
||||
public function is_current_request_activating_plugin_from_plugins_screen( $plugin ) {
|
||||
// Filter out common async request contexts
|
||||
if (
|
||||
wp_doing_ajax() ||
|
||||
( defined( 'REST_REQUEST' ) && REST_REQUEST ) ||
|
||||
( defined( 'REST_API_REQUEST' ) && REST_API_REQUEST ) ||
|
||||
( defined( 'WP_CLI' ) && WP_CLI )
|
||||
) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if ( isset( $_SERVER['SCRIPT_NAME'] ) ) {
|
||||
$request_file = esc_url_raw( wp_unslash( $_SERVER['SCRIPT_NAME'] ) );
|
||||
} elseif ( isset( $_SERVER['REQUEST_URI'] ) ) {
|
||||
list( $request_file ) = explode( '?', esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Not the plugins page
|
||||
if ( strpos( $request_file, 'wp-admin/plugins.php' ) === false ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Same method to get the action as used by plugins.php
|
||||
$wp_list_table = _get_list_table( 'WP_Plugins_List_Table' );
|
||||
$action = $wp_list_table->current_action();
|
||||
|
||||
// Not a singular activation
|
||||
// This also means that if the plugin is activated as part of a group ( bulk activation ), this function will return false here.
|
||||
if ( 'activate' !== $action ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Check the nonce associated with the plugin activation
|
||||
// We are not changing any data here, so this is not super necessary, it's just a best practice before using the form data from $_REQUEST.
|
||||
check_admin_referer( 'activate-plugin_' . $plugin );
|
||||
|
||||
// Not the right plugin
|
||||
$requested_plugin = isset( $_REQUEST['plugin'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['plugin'] ) ) : null;
|
||||
if ( $requested_plugin !== $plugin ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
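Review bot: In `is_current_request_activating_plugin_from_plugins_screen()`, `check_admin_referer( 'activate-plugin_' . $plugin )` runs before the `$requested_plugin !== $plugin` comparison, and on a failed nonce it ends the request instead of returning, so a method documented as `@return bool` can terminate the request it was only asked to classify. If a caller invokes it while a different plugin is being activated from the plugins screen, the nonce in the request would presumably have been issued for that other plugin and the check against `$plugin` would fail; whether this can happen depends on the call sites, which are not shown here. Moving the `$requested_plugin` comparison above the nonce check avoids that case, and replacing the call with `if ( ! isset( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( wp_unslash( $_REQUEST['_wpnonce'] ) ), 'activate-plugin_' . $plugin ) ) { return false; }` keeps the method free of side effects. If `check_admin_referer()` is kept, the docblock should say that the method may end the request when the nonce is missing or invalid.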
@ -17,18 +17,6 @@ use WPCOM_Masterbar;
|
||||
* Used to retrieve information about the current status of Jetpack and the site overall.
|
||||
*/
|
||||
class Status {
|
||||
/**
|
||||
* Is Jetpack in development (offline) mode?
|
||||
*
|
||||
* @deprecated 1.3.0 Use Status->is_offline_mode().
|
||||
*
|
||||
* @return bool Whether Jetpack's offline mode is active.
|
||||
*/
|
||||
public function is_development_mode() {
|
||||
_deprecated_function( __FUNCTION__, '1.3.0', 'Automattic\Jetpack\Status->is_offline_mode' );
|
||||
return $this->is_offline_mode();
|
||||
}
|
||||
|
||||
/**
|
||||
* Is Jetpack in offline mode?
|
||||
*
|
||||
@ -54,20 +42,6 @@ class Status {
|
||||
$offline_mode = true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Filters Jetpack's offline mode.
|
||||
*
|
||||
* @see https://jetpack.com/support/development-mode/
|
||||
* @todo Update documentation ^^.
|
||||
*
|
||||
* @since 1.1.1
|
||||
* @since-jetpack 2.2.1
|
||||
* @deprecated 1.3.0
|
||||
*
|
||||
* @param bool $offline_mode Is Jetpack's offline mode active.
|
||||
*/
|
||||
$offline_mode = (bool) apply_filters_deprecated( 'jetpack_development_mode', array( $offline_mode ), '1.3.0', 'jetpack_offline_mode' );
|
||||
|
||||
/**
|
||||
* Filters Jetpack's offline mode.
|
||||
*
|
||||
@ -84,21 +58,6 @@ class Status {
|
||||
return $offline_mode;
|
||||
}
|
||||
|
||||
/**
|
||||
* Is Jetpack in "No User test mode"?
|
||||
*
|
||||
* This will make Jetpack act as if there were no connected users, but only a site connection (aka blog token)
|
||||
*
|
||||
* @since 1.6.0
|
||||
* @deprecated 1.7.5 Since this version, Jetpack connection is considered active after registration, making no_user_testing_mode obsolete.
|
||||
*
|
||||
* @return bool Whether Jetpack's No User Testing Mode is active.
|
||||
*/
|
||||
public function is_no_user_testing_mode() {
|
||||
_deprecated_function( __METHOD__, '1.7.5' );
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Whether this is a system with a multiple networks.
|
||||
* Implemented since there is no core is_multi_network function.
|
||||
|
@ -40,4 +40,17 @@ class Visitor {
|
||||
|
||||
return ! empty( $_SERVER['REMOTE_ADDR'] ) ? filter_var( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : '';
|
||||
}
|
||||
|
||||
/**
|
||||
* Simple gate check for a11n feature testing purposes using AT_PROXIED_REQUEST constant.
|
||||
* IMPORTANT: Only use it for internal feature test purposes, not authorization.
|
||||
*
|
||||
* The goal of this function is to help us gate features by using a similar function name
|
||||
* we find on simple sites: is_automattician().
|
||||
*
|
||||
* @return bool True if the current request is PROXIED, false otherwise.
|
||||
*/
|
||||
public function is_automattician_feature_flags_only() {
|
||||
return ( defined( 'AT_PROXIED_REQUEST' ) && AT_PROXIED_REQUEST );
|
||||
}
|
||||
}
|
||||
|