updated plugin Jetpack Protect version 2.2.0

wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/src/brute-force-protection/class-blocked-login-page.php

@@ -460,6 +460,7 @@ class Brute_Force_Protection_Blocked_Login_Page {
 	 * @param string $message - the message we're sending.
 	 * @param string $back_button - the back button.
 	 * @param string $recovery_form - the recovery form.
+	 * @return never
 	 */
 	public function display_page( $title, $message, $back_button = false, $recovery_form = false ) {
 

wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/src/brute-force-protection/class-math-fallback.php

@@ -44,9 +44,7 @@ if ( ! class_exists( 'Brute_Force_Protection_Math_Authenticate' ) ) {
 		/**
 		 * Verifies that a user answered the math problem correctly while logging in.
 		 *
-		 * @return bool Returns true if the math is correct
-		 * @throws Error If insuffient $_POST variables are present.
-		 * @throws Error Message if the math is wrong.
+		 * @return bool Returns true if the math is correct. Exits if not.
 		 */
 		public static function math_authenticate() {
 			if ( isset( $_COOKIE['jpp_math_pass'] ) ) {
@@ -90,6 +88,7 @@ if ( ! class_exists( 'Brute_Force_Protection_Math_Authenticate' ) ) {
 		 * Creates an interim page to collect answers to a math captcha
 		 *
 		 * @param string $error - the error message.
+		 * @return never
 		 */
 		public static function generate_math_page( $error = false ) {
 			ob_start();

wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/src/brute-force-protection/class-shared-functions.php

@@ -174,7 +174,7 @@ class Brute_Force_Protection_Shared_Functions {
 	 * @access public
 	 * @param mixed $allow_list IP allow list.
 	 * @param bool  $global (default: false) Global.
-	 * @return Bool.
+	 * @return bool
 	 */
 	public static function save_allow_list( $allow_list, $global = false ) {
 		$allow_list_error = false;

wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/src/class-brute-force-protection.php

@@ -26,7 +26,7 @@ class Brute_Force_Protection {
 	/**
 	 * Instance of the class.
 	 *
-	 * @var Brute_Force_Protection()
+	 * @var Brute_Force_Protection
 	 */
 	private static $instance = null;
 

wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/src/class-rest-controller.php

@@ -10,6 +10,8 @@ namespace Automattic\Jetpack\Waf;
 use Automattic\Jetpack\Connection\REST_Connector;
 use Automattic\Jetpack\Waf\Brute_Force_Protection\Brute_Force_Protection;
 use WP_Error;
+use WP_REST_Request;
+use WP_REST_Response;
 use WP_REST_Server;
 
 /**

wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/src/class-waf-initializer.php

@@ -9,6 +9,7 @@ namespace Automattic\Jetpack\Waf;
 
 use Automattic\Jetpack\Waf\Brute_Force_Protection\Brute_Force_Protection;
 use WP_Error;
+use WP_Upgrader;
 
 /**
  * Initializes the module

wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/src/class-waf-request.php

@@ -9,10 +9,12 @@ namespace Automattic\Jetpack\Waf;
 
 require_once __DIR__ . '/functions.php';
 
+<<<PHAN
+@phan-type RequestFile = array{ name: string, filename: string }
+PHAN;
+
 /**
  * Request representation.
- *
- * @template RequestFile as array{ name: string, filename: string }
  */
 class Waf_Request {
 	/**
@@ -20,7 +22,7 @@ class Waf_Request {
 	 *
 	 * @example for `https://wordpress.com/index.php?myvar=red`
 	 *          $this->url = [ 'https://wordpress.com', '/index.php', '?myvar=red' ]
-	 * @var array{ 0: string, 1: string, 2: string }|null
+	 * @var array{0: string, 1: string, 2: string}|null
 	 */
 	protected $url = null;
 
@@ -117,7 +119,7 @@ class Waf_Request {
 	/**
 	 * Returns the headers that were sent with this request
 	 *
-	 * @return array{ 0: string, 1: scalar }[]
+	 * @return array{0: string, 1: scalar}[]
 	 */
 	public function get_headers() {
 		$value              = array();
@@ -198,7 +200,7 @@ class Waf_Request {
 	 * Returns the URL parts for this request.
 	 *
 	 * @see $this->url
-	 * @return array{ 0: string, 1: string, 2: string }
+	 * @return array{0: string, 1: string, 2: string}
 	 */
 	protected function get_url() {
 		if ( null !== $this->url ) {
@@ -311,7 +313,7 @@ class Waf_Request {
 	/**
 	 * Returns the cookies
 	 *
-	 * @return array<string, string>
+	 * @return array{string, scalar}[]
 	 */
 	public function get_cookies() {
 		return flatten_array( $_COOKIE );
@@ -320,7 +322,7 @@ class Waf_Request {
 	/**
 	 * Returns the GET variables
 	 *
-	 * @return array<string, mixed|array>
+	 * @return array{string, scalar}[]
 	 */
 	public function get_get_vars() {
 		return flatten_array( $_GET );
@@ -329,7 +331,7 @@ class Waf_Request {
 	/**
 	 * Returns the POST variables
 	 *
-	 * @return array<string, mixed|array>
+	 * @return array{string, scalar}[]
 	 */
 	public function get_post_vars() {
 		// Attempt to decode JSON requests.

wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/src/class-waf-runtime.php

@@ -19,11 +19,14 @@ require_once __DIR__ . '/functions.php';
  * @var string JETPACK_WAF_MODE
  */
 
+// Type aliases for this file.
+<<<PHAN
+@phan-type Target = array{ only?: string[], except?: string[], count?: boolean }
+@phan-type TargetBag = array<string, Target>
+PHAN;
+
 /**
  * Waf_Runtime class
- *
- * @template Target as array{ only?: string[], except?: string[], count?: boolean }
- * @template TargetBag as array<string, Target>
  */
 class Waf_Runtime {
 	/**
@@ -124,7 +127,7 @@ class Waf_Runtime {
 	 *
 	 * @param Waf_Transforms $transforms Transforms.
 	 * @param Waf_Operators  $operators  Operators.
-	 * @param Waf_Request?   $request    Information about the request.
+	 * @param ?Waf_Request   $request    Information about the request.
 	 */
 	public function __construct( $transforms, $operators, $request = null ) {
 		$this->transforms = $transforms;
@@ -383,6 +386,7 @@ class Waf_Runtime {
 	 *
 	 * @param string $rule_id Rule id.
 	 * @param string $url Url.
+	 * @return never
 	 */
 	public function redirect( $rule_id, $url ) {
 		error_log( "Jetpack WAF Redirected Request.\tRule:$rule_id\t$url" );
@@ -613,7 +617,7 @@ class Waf_Runtime {
 	 *   value:  The value that was found in the associated target.
 	 *
 	 * @param TargetBag $targets An assoc. array with keys that are target name(s) and values are options for how to process that target (include/exclude rules, whether to return values or counts).
-	 * @return array{ name: string, source: string, value: mixed }
+	 * @return array{name: string, source: string, value: mixed}[]
 	 */
 	public function normalize_targets( $targets ) {
 		$return = array();
@@ -720,12 +724,12 @@ class Waf_Runtime {
 	/**
 	 * Extract values from an associative array, potentially applying filters and/or counting results.
 	 *
-	 * @param array{ 0: string, 1: scalar }|scalar[] $source      The source assoc. array of values (i.e. $_GET, $_SERVER, etc.).
-	 * @param string[]                               $only        Only include the values for these keys in the output.
-	 * @param string[]                               $excl        Never include the values for these keys in the output.
-	 * @param string                                 $name        The name of this target (see https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v3.x)#Variables).
-	 * @param array                                  $results     Array to add output values to, will be modified by this method.
-	 * @param int                                    $flags       Any of the NORMALIZE_ARRAY_* constants defined at the top of the class.
+	 * @param array{0: string, 1: scalar}|scalar[] $source      The source assoc. array of values (i.e. $_GET, $_SERVER, etc.).
+	 * @param string[]                             $only        Only include the values for these keys in the output.
+	 * @param string[]                             $excl        Never include the values for these keys in the output.
+	 * @param string                               $name        The name of this target (see https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v3.x)#Variables).
+	 * @param array                                $results     Array to add output values to, will be modified by this method.
+	 * @param int                                  $flags       Any of the NORMALIZE_ARRAY_* constants defined at the top of the class.
 	 */
 	private function normalize_array_target( $source, $only, $excl, $name, &$results, $flags = 0 ) {
 		$output   = array();

wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/src/functions.php

@@ -52,7 +52,7 @@ function wp_unslash( $value ) {
  *                                 Usually only used internally as part of recursion when flattening a nested array.
  * @param bool|null $dot_notation  Whether to use dot notation instead of bracket notation.
  *
- * @return array{ 0: string, 1: scalar }[]  $key_prefix  An array of key/value tuples, one for each distinct value in the input array.
+ * @return array{0: string, 1: scalar}[]  $key_prefix  An array of key/value tuples, one for each distinct value in the input array.
  */
 function flatten_array( $array, $key_prefix = '', $dot_notation = null ) {
 	$return = array();