Automattic /
jetpack
| @@ 3-386 (lines=384) @@ | ||
| 1 | <?php |
|
| 2 | ||
| 3 | class Jetpack_Client { |
|
| 4 | const WPCOM_JSON_API_VERSION = '1.1'; |
|
| 5 | ||
| 6 | /** |
|
| 7 | * Makes an authorized remote request using Jetpack_Signature |
|
| 8 | * |
|
| 9 | * @return array|WP_Error WP HTTP response on success |
|
| 10 | */ |
|
| 11 | public static function remote_request( $args, $body = null ) { |
|
| 12 | $defaults = array( |
|
| 13 | 'url' => '', |
|
| 14 | 'user_id' => 0, |
|
| 15 | 'blog_id' => 0, |
|
| 16 | 'auth_location' => JETPACK_CLIENT__AUTH_LOCATION, |
|
| 17 | 'method' => 'POST', |
|
| 18 | 'timeout' => 10, |
|
| 19 | 'redirection' => 0, |
|
| 20 | 'headers' => array(), |
|
| 21 | 'stream' => false, |
|
| 22 | 'filename' => null, |
|
| 23 | 'sslverify' => true, |
|
| 24 | ); |
|
| 25 | ||
| 26 | $args = wp_parse_args( $args, $defaults ); |
|
| 27 | ||
| 28 | $args['blog_id'] = (int) $args['blog_id']; |
|
| 29 | ||
| 30 | if ( 'header' != $args['auth_location'] ) { |
|
| 31 | $args['auth_location'] = 'query_string'; |
|
| 32 | } |
|
| 33 | ||
| 34 | $token = Jetpack_Data::get_access_token( $args['user_id'] ); |
|
| 35 | if ( !$token ) { |
|
| 36 | return new Jetpack_Error( 'missing_token' ); |
|
| 37 | } |
|
| 38 | ||
| 39 | $method = strtoupper( $args['method'] ); |
|
| 40 | ||
| 41 | $timeout = intval( $args['timeout'] ); |
|
| 42 | ||
| 43 | $redirection = $args['redirection']; |
|
| 44 | $stream = $args['stream']; |
|
| 45 | $filename = $args['filename']; |
|
| 46 | $sslverify = $args['sslverify']; |
|
| 47 | ||
| 48 | $request = compact( 'method', 'body', 'timeout', 'redirection', 'stream', 'filename', 'sslverify' ); |
|
| 49 | ||
| 50 | @list( $token_key, $secret ) = explode( '.', $token->secret ); |
|
| 51 | if ( empty( $token ) || empty( $secret ) ) { |
|
| 52 | return new Jetpack_Error( 'malformed_token' ); |
|
| 53 | } |
|
| 54 | ||
| 55 | $token_key = sprintf( '%s:%d:%d', $token_key, JETPACK__API_VERSION, $token->external_user_id ); |
|
| 56 | ||
| 57 | $time_diff = (int) Jetpack_Options::get_option( 'time_diff' ); |
|
| 58 | $jetpack_signature = new Jetpack_Signature( $token->secret, $time_diff ); |
|
| 59 | ||
| 60 | $timestamp = time() + $time_diff; |
|
| 61 | ||
| 62 | if( function_exists( 'wp_generate_password' ) ) { |
|
| 63 | $nonce = wp_generate_password( 10, false ); |
|
| 64 | } else { |
|
| 65 | $nonce = substr( sha1( rand( 0, 1000000 ) ), 0, 10); |
|
| 66 | } |
|
| 67 | ||
| 68 | // Kind of annoying. Maybe refactor Jetpack_Signature to handle body-hashing |
|
| 69 | if ( is_null( $body ) ) { |
|
| 70 | $body_hash = ''; |
|
| 71 | ||
| 72 | } else { |
|
| 73 | // Allow arrays to be used in passing data. |
|
| 74 | $body_to_hash = $body; |
|
| 75 | ||
| 76 | if ( is_array( $body ) ) { |
|
| 77 | // We cast this to a new variable, because the array form of $body needs to be |
|
| 78 | // maintained so it can be passed into the request later on in the code. |
|
| 79 | if ( count( $body ) > 0 ) { |
|
| 80 | $body_to_hash = json_encode( self::_stringify_data( $body ) ); |
|
| 81 | } else { |
|
| 82 | $body_to_hash = ''; |
|
| 83 | } |
|
| 84 | } |
|
| 85 | ||
| 86 | if ( ! is_string( $body_to_hash ) ) { |
|
| 87 | return new Jetpack_Error( 'invalid_body', 'Body is malformed.' ); |
|
| 88 | } |
|
| 89 | ||
| 90 | $body_hash = Jetpack::connection()->sha1_base64( $body_to_hash ); |
|
| 91 | } |
|
| 92 | ||
| 93 | $auth = array( |
|
| 94 | 'token' => $token_key, |
|
| 95 | 'timestamp' => $timestamp, |
|
| 96 | 'nonce' => $nonce, |
|
| 97 | 'body-hash' => $body_hash, |
|
| 98 | ); |
|
| 99 | ||
| 100 | if ( false !== strpos( $args['url'], 'xmlrpc.php' ) ) { |
|
| 101 | $url_args = array( |
|
| 102 | 'for' => 'jetpack', |
|
| 103 | 'wpcom_blog_id' => Jetpack_Options::get_option( 'id' ), |
|
| 104 | ); |
|
| 105 | } else { |
|
| 106 | $url_args = array(); |
|
| 107 | } |
|
| 108 | ||
| 109 | if ( 'header' != $args['auth_location'] ) { |
|
| 110 | $url_args += $auth; |
|
| 111 | } |
|
| 112 | ||
| 113 | $url = add_query_arg( urlencode_deep( $url_args ), $args['url'] ); |
|
| 114 | $url = Jetpack::fix_url_for_bad_hosts( $url ); |
|
| 115 | ||
| 116 | $signature = $jetpack_signature->sign_request( $token_key, $timestamp, $nonce, $body_hash, $method, $url, $body, false ); |
|
| 117 | ||
| 118 | if ( !$signature || is_wp_error( $signature ) ) { |
|
| 119 | return $signature; |
|
| 120 | } |
|
| 121 | ||
| 122 | // Send an Authorization header so various caches/proxies do the right thing |
|
| 123 | $auth['signature'] = $signature; |
|
| 124 | $auth['version'] = JETPACK__VERSION; |
|
| 125 | $header_pieces = array(); |
|
| 126 | foreach ( $auth as $key => $value ) { |
|
| 127 | $header_pieces[] = sprintf( '%s="%s"', $key, $value ); |
|
| 128 | } |
|
| 129 | $request['headers'] = array_merge( $args['headers'], array( |
|
| 130 | 'Authorization' => "X_JETPACK " . join( ' ', $header_pieces ), |
|
| 131 | ) ); |
|
| 132 | ||
| 133 | if ( 'header' != $args['auth_location'] ) { |
|
| 134 | $url = add_query_arg( 'signature', urlencode( $signature ), $url ); |
|
| 135 | } |
|
| 136 | ||
| 137 | return Jetpack_Client::_wp_remote_request( $url, $request ); |
|
| 138 | } |
|
| 139 | ||
| 140 | /** |
|
| 141 | * Wrapper for wp_remote_request(). Turns off SSL verification for certain SSL errors. |
|
| 142 | * This is lame, but many, many, many hosts have misconfigured SSL. |
|
| 143 | * |
|
| 144 | * When Jetpack is registered, the jetpack_fallback_no_verify_ssl_certs option is set to the current time if: |
|
| 145 | * 1. a certificate error is found AND |
|
| 146 | * 2. not verifying the certificate works around the problem. |
|
| 147 | * |
|
| 148 | * The option is checked on each request. |
|
| 149 | * |
|
| 150 | * @internal |
|
| 151 | * @see Jetpack::fix_url_for_bad_hosts() |
|
| 152 | * |
|
| 153 | * @return array|WP_Error WP HTTP response on success |
|
| 154 | */ |
|
| 155 | public static function _wp_remote_request( $url, $args, $set_fallback = false ) { |
|
| 156 | /** |
|
| 157 | * SSL verification (`sslverify`) for the JetpackClient remote request |
|
| 158 | * defaults to off, use this filter to force it on. |
|
| 159 | * |
|
| 160 | * Return `true` to ENABLE SSL verification, return `false` |
|
| 161 | * to DISABLE SSL verification. |
|
| 162 | * |
|
| 163 | * @since 3.6.0 |
|
| 164 | * |
|
| 165 | * @param bool Whether to force `sslverify` or not. |
|
| 166 | */ |
|
| 167 | if ( apply_filters( 'jetpack_client_verify_ssl_certs', false ) ) { |
|
| 168 | return wp_remote_request( $url, $args ); |
|
| 169 | } |
|
| 170 | ||
| 171 | $fallback = Jetpack_Options::get_option( 'fallback_no_verify_ssl_certs' ); |
|
| 172 | if ( false === $fallback ) { |
|
| 173 | Jetpack_Options::update_option( 'fallback_no_verify_ssl_certs', 0 ); |
|
| 174 | } |
|
| 175 | ||
| 176 | if ( (int) $fallback ) { |
|
| 177 | // We're flagged to fallback |
|
| 178 | $args['sslverify'] = false; |
|
| 179 | } |
|
| 180 | ||
| 181 | $response = wp_remote_request( $url, $args ); |
|
| 182 | ||
| 183 | if ( |
|
| 184 | !$set_fallback // We're not allowed to set the flag on this request, so whatever happens happens |
|
| 185 | || |
|
| 186 | isset( $args['sslverify'] ) && !$args['sslverify'] // No verification - no point in doing it again |
|
| 187 | || |
|
| 188 | !is_wp_error( $response ) // Let it ride |
|
| 189 | ) { |
|
| 190 | Jetpack_Client::set_time_diff( $response, $set_fallback ); |
|
| 191 | return $response; |
|
| 192 | } |
|
| 193 | ||
| 194 | // At this point, we're not flagged to fallback and we are allowed to set the flag on this request. |
|
| 195 | ||
| 196 | $message = $response->get_error_message(); |
|
| 197 | ||
| 198 | // Is it an SSL Certificate verification error? |
|
| 199 | if ( |
|
| 200 | false === strpos( $message, '14090086' ) // OpenSSL SSL3 certificate error |
|
| 201 | && |
|
| 202 | false === strpos( $message, '1407E086' ) // OpenSSL SSL2 certificate error |
|
| 203 | && |
|
| 204 | false === strpos( $message, 'error setting certificate verify locations' ) // cURL CA bundle not found |
|
| 205 | && |
|
| 206 | false === strpos( $message, 'Peer certificate cannot be authenticated with' ) // cURL CURLE_SSL_CACERT: CA bundle found, but not helpful |
|
| 207 | // different versions of curl have different error messages |
|
| 208 | // this string should catch them all |
|
| 209 | && |
|
| 210 | false === strpos( $message, 'Problem with the SSL CA cert' ) // cURL CURLE_SSL_CACERT_BADFILE: probably access rights |
|
| 211 | ) { |
|
| 212 | // No, it is not. |
|
| 213 | return $response; |
|
| 214 | } |
|
| 215 | ||
| 216 | // Redo the request without SSL certificate verification. |
|
| 217 | $args['sslverify'] = false; |
|
| 218 | $response = wp_remote_request( $url, $args ); |
|
| 219 | ||
| 220 | if ( !is_wp_error( $response ) ) { |
|
| 221 | // The request went through this time, flag for future fallbacks |
|
| 222 | Jetpack_Options::update_option( 'fallback_no_verify_ssl_certs', time() ); |
|
| 223 | Jetpack_Client::set_time_diff( $response, $set_fallback ); |
|
| 224 | } |
|
| 225 | ||
| 226 | return $response; |
|
| 227 | } |
|
| 228 | ||
| 229 | public static function set_time_diff( &$response, $force_set = false ) { |
|
| 230 | $code = wp_remote_retrieve_response_code( $response ); |
|
| 231 | ||
| 232 | // Only trust the Date header on some responses |
|
| 233 | if ( 200 != $code && 304 != $code && 400 != $code && 401 != $code ) { |
|
| 234 | return; |
|
| 235 | } |
|
| 236 | ||
| 237 | if ( !$date = wp_remote_retrieve_header( $response, 'date' ) ) { |
|
| 238 | return; |
|
| 239 | } |
|
| 240 | ||
| 241 | if ( 0 >= $time = (int) strtotime( $date ) ) { |
|
| 242 | return; |
|
| 243 | } |
|
| 244 | ||
| 245 | $time_diff = $time - time(); |
|
| 246 | ||
| 247 | if ( $force_set ) { // during register |
|
| 248 | Jetpack_Options::update_option( 'time_diff', $time_diff ); |
|
| 249 | } else { // otherwise |
|
| 250 | $old_diff = Jetpack_Options::get_option( 'time_diff' ); |
|
| 251 | if ( false === $old_diff || abs( $time_diff - (int) $old_diff ) > 10 ) { |
|
| 252 | Jetpack_Options::update_option( 'time_diff', $time_diff ); |
|
| 253 | } |
|
| 254 | } |
|
| 255 | } |
|
| 256 | ||
| 257 | /** |
|
| 258 | * Queries the WordPress.com REST API with a user token. |
|
| 259 | * |
|
| 260 | * @param string $path REST API path. |
|
| 261 | * @param string $version REST API version. Default is `2`. |
|
| 262 | * @param array $args Arguments to {@see WP_Http}. Default is `array()`. |
|
| 263 | * @param string $body Body passed to {@see WP_Http}. Default is `null`. |
|
| 264 | * @param string $base_api_path REST API root. Default is `wpcom`. |
|
| 265 | * |
|
| 266 | * @return array|WP_Error $response Response data, else {@see WP_Error} on failure. |
|
| 267 | */ |
|
| 268 | public static function wpcom_json_api_request_as_user( $path, $version = '2', $args = array(), $body = null, $base_api_path = 'wpcom' ) { |
|
| 269 | $base_api_path = trim( $base_api_path, '/' ); |
|
| 270 | $version = ltrim( $version, 'v' ); |
|
| 271 | $path = ltrim( $path, '/' ); |
|
| 272 | ||
| 273 | $args = array_intersect_key( $args, array( |
|
| 274 | 'headers' => 'array', |
|
| 275 | 'method' => 'string', |
|
| 276 | 'timeout' => 'int', |
|
| 277 | 'redirection' => 'int', |
|
| 278 | 'stream' => 'boolean', |
|
| 279 | 'filename' => 'string', |
|
| 280 | 'sslverify' => 'boolean', |
|
| 281 | ) ); |
|
| 282 | ||
| 283 | $args['user_id'] = get_current_user_id(); |
|
| 284 | $args['method'] = isset( $args['method'] ) ? strtoupper( $args['method'] ) : 'GET'; |
|
| 285 | $args['url'] = sprintf( '%s://%s/%s/v%s/%s', self::protocol(), JETPACK__WPCOM_JSON_API_HOST, $base_api_path, $version, $path ); |
|
| 286 | ||
| 287 | if ( isset( $body ) && ! isset( $args['headers'] ) && in_array( $args['method'], array( 'POST', 'PUT', 'PATCH' ), true ) ) { |
|
| 288 | $args['headers'] = array( 'Content-Type' => 'application/json' ); |
|
| 289 | } |
|
| 290 | ||
| 291 | if ( isset( $body ) && ! is_string( $body ) ) { |
|
| 292 | $body = wp_json_encode( $body ); |
|
| 293 | } |
|
| 294 | ||
| 295 | return self::remote_request( $args, $body ); |
|
| 296 | } |
|
| 297 | ||
| 298 | /** |
|
| 299 | * Query the WordPress.com REST API using the blog token |
|
| 300 | * |
|
| 301 | * @param string $path |
|
| 302 | * @param string $version |
|
| 303 | * @param array $args |
|
| 304 | * @param string $body |
|
| 305 | * @param string $base_api_path |
|
| 306 | * @return array|WP_Error $response Data. |
|
| 307 | */ |
|
| 308 | static function wpcom_json_api_request_as_blog( $path, $version = self::WPCOM_JSON_API_VERSION, $args = array(), $body = null, $base_api_path = 'rest' ) { |
|
| 309 | $filtered_args = array_intersect_key( $args, array( |
|
| 310 | 'headers' => 'array', |
|
| 311 | 'method' => 'string', |
|
| 312 | 'timeout' => 'int', |
|
| 313 | 'redirection' => 'int', |
|
| 314 | 'stream' => 'boolean', |
|
| 315 | 'filename' => 'string', |
|
| 316 | 'sslverify' => 'boolean', |
|
| 317 | ) ); |
|
| 318 | ||
| 319 | // unprecedingslashit |
|
| 320 | $_path = preg_replace( '/^\//', '', $path ); |
|
| 321 | ||
| 322 | // Use GET by default whereas `remote_request` uses POST |
|
| 323 | $request_method = ( isset( $filtered_args['method'] ) ) ? $filtered_args['method'] : 'GET'; |
|
| 324 | ||
| 325 | $url = sprintf( '%s://%s/%s/v%s/%s', self::protocol(), JETPACK__WPCOM_JSON_API_HOST, $base_api_path, $version, $_path ); |
|
| 326 | ||
| 327 | $validated_args = array_merge( $filtered_args, array( |
|
| 328 | 'url' => $url, |
|
| 329 | 'blog_id' => (int) Jetpack_Options::get_option( 'id' ), |
|
| 330 | 'method' => $request_method, |
|
| 331 | ) ); |
|
| 332 | ||
| 333 | return Jetpack_Client::remote_request( $validated_args, $body ); |
|
| 334 | } |
|
| 335 | ||
| 336 | /** |
|
| 337 | * Takes an array or similar structure and recursively turns all values into strings. This is used to |
|
| 338 | * make sure that body hashes are made ith the string version, which is what will be seen after a |
|
| 339 | * server pulls up the data in the $_POST array. |
|
| 340 | * |
|
| 341 | * @param array|mixed $data |
|
| 342 | * |
|
| 343 | * @return array|string |
|
| 344 | */ |
|
| 345 | public static function _stringify_data( $data ) { |
|
| 346 | ||
| 347 | // Booleans are special, lets just makes them and explicit 1/0 instead of the 0 being an empty string. |
|
| 348 | if ( is_bool( $data ) ) { |
|
| 349 | return $data ? "1" : "0"; |
|
| 350 | } |
|
| 351 | ||
| 352 | // Cast objects into arrays. |
|
| 353 | if ( is_object( $data ) ) { |
|
| 354 | $data = (array) $data; |
|
| 355 | } |
|
| 356 | ||
| 357 | // Non arrays at this point should be just converted to strings. |
|
| 358 | if ( ! is_array( $data ) ) { |
|
| 359 | return (string)$data; |
|
| 360 | } |
|
| 361 | ||
| 362 | foreach ( $data as $key => &$value ) { |
|
| 363 | $value = self::_stringify_data( $value ); |
|
| 364 | } |
|
| 365 | ||
| 366 | return $data; |
|
| 367 | } |
|
| 368 | ||
| 369 | /** |
|
| 370 | * Gets protocol string. |
|
| 371 | * |
|
| 372 | * @return string `https` (if possible), else `http`. |
|
| 373 | */ |
|
| 374 | public static function protocol() { |
|
| 375 | /** |
|
| 376 | * Determines whether Jetpack can send outbound https requests to the WPCOM api. |
|
| 377 | * |
|
| 378 | * @since 3.6.0 |
|
| 379 | * |
|
| 380 | * @param bool $proto Defaults to true. |
|
| 381 | */ |
|
| 382 | $https = apply_filters( 'jetpack_can_make_outbound_https', true ); |
|
| 383 | ||
| 384 | return $https ? 'https' : 'http'; |
|
| 385 | } |
|
| 386 | } |
|
| 387 | ||
| @@ 5-400 (lines=396) @@ | ||
| 2 | ||
| 3 | namespace Automattic\Jetpack\Connection; |
|
| 4 | ||
| 5 | class Client { |
|
| 6 | const WPCOM_JSON_API_VERSION = '1.1'; |
|
| 7 | ||
| 8 | /** |
|
| 9 | * Makes an authorized remote request using Jetpack_Signature |
|
| 10 | * |
|
| 11 | * @return array|WP_Error WP HTTP response on success |
|
| 12 | */ |
|
| 13 | public static function remote_request( $args, $body = null ) { |
|
| 14 | $defaults = array( |
|
| 15 | 'url' => '', |
|
| 16 | 'user_id' => 0, |
|
| 17 | 'blog_id' => 0, |
|
| 18 | 'auth_location' => JETPACK_CLIENT__AUTH_LOCATION, |
|
| 19 | 'method' => 'POST', |
|
| 20 | 'timeout' => 10, |
|
| 21 | 'redirection' => 0, |
|
| 22 | 'headers' => array(), |
|
| 23 | 'stream' => false, |
|
| 24 | 'filename' => null, |
|
| 25 | 'sslverify' => true, |
|
| 26 | ); |
|
| 27 | ||
| 28 | $args = wp_parse_args( $args, $defaults ); |
|
| 29 | ||
| 30 | $args['blog_id'] = (int) $args['blog_id']; |
|
| 31 | ||
| 32 | if ( 'header' != $args['auth_location'] ) { |
|
| 33 | $args['auth_location'] = 'query_string'; |
|
| 34 | } |
|
| 35 | ||
| 36 | $token = \Jetpack_Data::get_access_token( $args['user_id'] ); |
|
| 37 | if ( ! $token ) { |
|
| 38 | return new Jetpack_Error( 'missing_token' ); |
|
| 39 | } |
|
| 40 | ||
| 41 | $method = strtoupper( $args['method'] ); |
|
| 42 | ||
| 43 | $timeout = intval( $args['timeout'] ); |
|
| 44 | ||
| 45 | $redirection = $args['redirection']; |
|
| 46 | $stream = $args['stream']; |
|
| 47 | $filename = $args['filename']; |
|
| 48 | $sslverify = $args['sslverify']; |
|
| 49 | ||
| 50 | $request = compact( 'method', 'body', 'timeout', 'redirection', 'stream', 'filename', 'sslverify' ); |
|
| 51 | ||
| 52 | @list( $token_key, $secret ) = explode( '.', $token->secret ); |
|
| 53 | if ( empty( $token ) || empty( $secret ) ) { |
|
| 54 | return new Jetpack_Error( 'malformed_token' ); |
|
| 55 | } |
|
| 56 | ||
| 57 | $token_key = sprintf( '%s:%d:%d', $token_key, JETPACK__API_VERSION, $token->external_user_id ); |
|
| 58 | ||
| 59 | $time_diff = (int) \Jetpack_Options::get_option( 'time_diff' ); |
|
| 60 | $jetpack_signature = new \Jetpack_Signature( $token->secret, $time_diff ); |
|
| 61 | ||
| 62 | $timestamp = time() + $time_diff; |
|
| 63 | ||
| 64 | if ( function_exists( 'wp_generate_password' ) ) { |
|
| 65 | $nonce = wp_generate_password( 10, false ); |
|
| 66 | } else { |
|
| 67 | $nonce = substr( sha1( rand( 0, 1000000 ) ), 0, 10 ); |
|
| 68 | } |
|
| 69 | ||
| 70 | // Kind of annoying. Maybe refactor Jetpack_Signature to handle body-hashing |
|
| 71 | if ( is_null( $body ) ) { |
|
| 72 | $body_hash = ''; |
|
| 73 | ||
| 74 | } else { |
|
| 75 | // Allow arrays to be used in passing data. |
|
| 76 | $body_to_hash = $body; |
|
| 77 | ||
| 78 | if ( is_array( $body ) ) { |
|
| 79 | // We cast this to a new variable, because the array form of $body needs to be |
|
| 80 | // maintained so it can be passed into the request later on in the code. |
|
| 81 | if ( count( $body ) > 0 ) { |
|
| 82 | $body_to_hash = json_encode( self::_stringify_data( $body ) ); |
|
| 83 | } else { |
|
| 84 | $body_to_hash = ''; |
|
| 85 | } |
|
| 86 | } |
|
| 87 | ||
| 88 | if ( ! is_string( $body_to_hash ) ) { |
|
| 89 | return new \Jetpack_Error( 'invalid_body', 'Body is malformed.' ); |
|
| 90 | } |
|
| 91 | ||
| 92 | $body_hash = Jetpack::connection()->sha1_base64( $body_to_hash ); |
|
| 93 | } |
|
| 94 | ||
| 95 | $auth = array( |
|
| 96 | 'token' => $token_key, |
|
| 97 | 'timestamp' => $timestamp, |
|
| 98 | 'nonce' => $nonce, |
|
| 99 | 'body-hash' => $body_hash, |
|
| 100 | ); |
|
| 101 | ||
| 102 | if ( false !== strpos( $args['url'], 'xmlrpc.php' ) ) { |
|
| 103 | $url_args = array( |
|
| 104 | 'for' => 'jetpack', |
|
| 105 | 'wpcom_blog_id' => \Jetpack_Options::get_option( 'id' ), |
|
| 106 | ); |
|
| 107 | } else { |
|
| 108 | $url_args = array(); |
|
| 109 | } |
|
| 110 | ||
| 111 | if ( 'header' != $args['auth_location'] ) { |
|
| 112 | $url_args += $auth; |
|
| 113 | } |
|
| 114 | ||
| 115 | $url = add_query_arg( urlencode_deep( $url_args ), $args['url'] ); |
|
| 116 | $url = Jetpack::fix_url_for_bad_hosts( $url ); |
|
| 117 | ||
| 118 | $signature = $jetpack_signature->sign_request( $token_key, $timestamp, $nonce, $body_hash, $method, $url, $body, false ); |
|
| 119 | ||
| 120 | if ( ! $signature || is_wp_error( $signature ) ) { |
|
| 121 | return $signature; |
|
| 122 | } |
|
| 123 | ||
| 124 | // Send an Authorization header so various caches/proxies do the right thing |
|
| 125 | $auth['signature'] = $signature; |
|
| 126 | $auth['version'] = JETPACK__VERSION; |
|
| 127 | $header_pieces = array(); |
|
| 128 | foreach ( $auth as $key => $value ) { |
|
| 129 | $header_pieces[] = sprintf( '%s="%s"', $key, $value ); |
|
| 130 | } |
|
| 131 | $request['headers'] = array_merge( |
|
| 132 | $args['headers'], |
|
| 133 | array( |
|
| 134 | 'Authorization' => 'X_JETPACK ' . join( ' ', $header_pieces ), |
|
| 135 | ) |
|
| 136 | ); |
|
| 137 | ||
| 138 | if ( 'header' != $args['auth_location'] ) { |
|
| 139 | $url = add_query_arg( 'signature', urlencode( $signature ), $url ); |
|
| 140 | } |
|
| 141 | ||
| 142 | return self::_wp_remote_request( $url, $request ); |
|
| 143 | } |
|
| 144 | ||
| 145 | /** |
|
| 146 | * Wrapper for wp_remote_request(). Turns off SSL verification for certain SSL errors. |
|
| 147 | * This is lame, but many, many, many hosts have misconfigured SSL. |
|
| 148 | * |
|
| 149 | * When Jetpack is registered, the jetpack_fallback_no_verify_ssl_certs option is set to the current time if: |
|
| 150 | * 1. a certificate error is found AND |
|
| 151 | * 2. not verifying the certificate works around the problem. |
|
| 152 | * |
|
| 153 | * The option is checked on each request. |
|
| 154 | * |
|
| 155 | * @internal |
|
| 156 | * @see Jetpack::fix_url_for_bad_hosts() |
|
| 157 | * |
|
| 158 | * @return array|WP_Error WP HTTP response on success |
|
| 159 | */ |
|
| 160 | public static function _wp_remote_request( $url, $args, $set_fallback = false ) { |
|
| 161 | /** |
|
| 162 | * SSL verification (`sslverify`) for the JetpackClient remote request |
|
| 163 | * defaults to off, use this filter to force it on. |
|
| 164 | * |
|
| 165 | * Return `true` to ENABLE SSL verification, return `false` |
|
| 166 | * to DISABLE SSL verification. |
|
| 167 | * |
|
| 168 | * @since 3.6.0 |
|
| 169 | * |
|
| 170 | * @param bool Whether to force `sslverify` or not. |
|
| 171 | */ |
|
| 172 | if ( apply_filters( 'jetpack_client_verify_ssl_certs', false ) ) { |
|
| 173 | return wp_remote_request( $url, $args ); |
|
| 174 | } |
|
| 175 | ||
| 176 | $fallback = \Jetpack_Options::get_option( 'fallback_no_verify_ssl_certs' ); |
|
| 177 | if ( false === $fallback ) { |
|
| 178 | \Jetpack_Options::update_option( 'fallback_no_verify_ssl_certs', 0 ); |
|
| 179 | } |
|
| 180 | ||
| 181 | if ( (int) $fallback ) { |
|
| 182 | // We're flagged to fallback |
|
| 183 | $args['sslverify'] = false; |
|
| 184 | } |
|
| 185 | ||
| 186 | $response = wp_remote_request( $url, $args ); |
|
| 187 | ||
| 188 | if ( |
|
| 189 | ! $set_fallback // We're not allowed to set the flag on this request, so whatever happens happens |
|
| 190 | || |
|
| 191 | isset( $args['sslverify'] ) && ! $args['sslverify'] // No verification - no point in doing it again |
|
| 192 | || |
|
| 193 | ! is_wp_error( $response ) // Let it ride |
|
| 194 | ) { |
|
| 195 | self::set_time_diff( $response, $set_fallback ); |
|
| 196 | return $response; |
|
| 197 | } |
|
| 198 | ||
| 199 | // At this point, we're not flagged to fallback and we are allowed to set the flag on this request. |
|
| 200 | ||
| 201 | $message = $response->get_error_message(); |
|
| 202 | ||
| 203 | // Is it an SSL Certificate verification error? |
|
| 204 | if ( |
|
| 205 | false === strpos( $message, '14090086' ) // OpenSSL SSL3 certificate error |
|
| 206 | && |
|
| 207 | false === strpos( $message, '1407E086' ) // OpenSSL SSL2 certificate error |
|
| 208 | && |
|
| 209 | false === strpos( $message, 'error setting certificate verify locations' ) // cURL CA bundle not found |
|
| 210 | && |
|
| 211 | false === strpos( $message, 'Peer certificate cannot be authenticated with' ) // cURL CURLE_SSL_CACERT: CA bundle found, but not helpful |
|
| 212 | // different versions of curl have different error messages |
|
| 213 | // this string should catch them all |
|
| 214 | && |
|
| 215 | false === strpos( $message, 'Problem with the SSL CA cert' ) // cURL CURLE_SSL_CACERT_BADFILE: probably access rights |
|
| 216 | ) { |
|
| 217 | // No, it is not. |
|
| 218 | return $response; |
|
| 219 | } |
|
| 220 | ||
| 221 | // Redo the request without SSL certificate verification. |
|
| 222 | $args['sslverify'] = false; |
|
| 223 | $response = wp_remote_request( $url, $args ); |
|
| 224 | ||
| 225 | if ( ! is_wp_error( $response ) ) { |
|
| 226 | // The request went through this time, flag for future fallbacks |
|
| 227 | \Jetpack_Options::update_option( 'fallback_no_verify_ssl_certs', time() ); |
|
| 228 | self::set_time_diff( $response, $set_fallback ); |
|
| 229 | } |
|
| 230 | ||
| 231 | return $response; |
|
| 232 | } |
|
| 233 | ||
| 234 | public static function set_time_diff( &$response, $force_set = false ) { |
|
| 235 | $code = wp_remote_retrieve_response_code( $response ); |
|
| 236 | ||
| 237 | // Only trust the Date header on some responses |
|
| 238 | if ( 200 != $code && 304 != $code && 400 != $code && 401 != $code ) { |
|
| 239 | return; |
|
| 240 | } |
|
| 241 | ||
| 242 | if ( ! $date = wp_remote_retrieve_header( $response, 'date' ) ) { |
|
| 243 | return; |
|
| 244 | } |
|
| 245 | ||
| 246 | if ( 0 >= $time = (int) strtotime( $date ) ) { |
|
| 247 | return; |
|
| 248 | } |
|
| 249 | ||
| 250 | $time_diff = $time - time(); |
|
| 251 | ||
| 252 | if ( $force_set ) { // during register |
|
| 253 | \Jetpack_Options::update_option( 'time_diff', $time_diff ); |
|
| 254 | } else { // otherwise |
|
| 255 | $old_diff = \Jetpack_Options::get_option( 'time_diff' ); |
|
| 256 | if ( false === $old_diff || abs( $time_diff - (int) $old_diff ) > 10 ) { |
|
| 257 | \Jetpack_Options::update_option( 'time_diff', $time_diff ); |
|
| 258 | } |
|
| 259 | } |
|
| 260 | } |
|
| 261 | ||
| 262 | /** |
|
| 263 | * Queries the WordPress.com REST API with a user token. |
|
| 264 | * |
|
| 265 | * @param string $path REST API path. |
|
| 266 | * @param string $version REST API version. Default is `2`. |
|
| 267 | * @param array $args Arguments to {@see WP_Http}. Default is `array()`. |
|
| 268 | * @param string $body Body passed to {@see WP_Http}. Default is `null`. |
|
| 269 | * @param string $base_api_path REST API root. Default is `wpcom`. |
|
| 270 | * |
|
| 271 | * @return array|WP_Error $response Response data, else {@see WP_Error} on failure. |
|
| 272 | */ |
|
| 273 | public static function wpcom_json_api_request_as_user( $path, $version = '2', $args = array(), $body = null, $base_api_path = 'wpcom' ) { |
|
| 274 | $base_api_path = trim( $base_api_path, '/' ); |
|
| 275 | $version = ltrim( $version, 'v' ); |
|
| 276 | $path = ltrim( $path, '/' ); |
|
| 277 | ||
| 278 | $args = array_intersect_key( |
|
| 279 | $args, |
|
| 280 | array( |
|
| 281 | 'headers' => 'array', |
|
| 282 | 'method' => 'string', |
|
| 283 | 'timeout' => 'int', |
|
| 284 | 'redirection' => 'int', |
|
| 285 | 'stream' => 'boolean', |
|
| 286 | 'filename' => 'string', |
|
| 287 | 'sslverify' => 'boolean', |
|
| 288 | ) |
|
| 289 | ); |
|
| 290 | ||
| 291 | $args['user_id'] = get_current_user_id(); |
|
| 292 | $args['method'] = isset( $args['method'] ) ? strtoupper( $args['method'] ) : 'GET'; |
|
| 293 | $args['url'] = sprintf( '%s://%s/%s/v%s/%s', self::protocol(), JETPACK__WPCOM_JSON_API_HOST, $base_api_path, $version, $path ); |
|
| 294 | ||
| 295 | if ( isset( $body ) && ! isset( $args['headers'] ) && in_array( $args['method'], array( 'POST', 'PUT', 'PATCH' ), true ) ) { |
|
| 296 | $args['headers'] = array( 'Content-Type' => 'application/json' ); |
|
| 297 | } |
|
| 298 | ||
| 299 | if ( isset( $body ) && ! is_string( $body ) ) { |
|
| 300 | $body = wp_json_encode( $body ); |
|
| 301 | } |
|
| 302 | ||
| 303 | return self::remote_request( $args, $body ); |
|
| 304 | } |
|
| 305 | ||
| 306 | /** |
|
| 307 | * Query the WordPress.com REST API using the blog token |
|
| 308 | * |
|
| 309 | * @param string $path |
|
| 310 | * @param string $version |
|
| 311 | * @param array $args |
|
| 312 | * @param string $body |
|
| 313 | * @param string $base_api_path |
|
| 314 | * @return array|WP_Error $response Data. |
|
| 315 | */ |
|
| 316 | static function wpcom_json_api_request_as_blog( $path, $version = self::WPCOM_JSON_API_VERSION, $args = array(), $body = null, $base_api_path = 'rest' ) { |
|
| 317 | $filtered_args = array_intersect_key( |
|
| 318 | $args, |
|
| 319 | array( |
|
| 320 | 'headers' => 'array', |
|
| 321 | 'method' => 'string', |
|
| 322 | 'timeout' => 'int', |
|
| 323 | 'redirection' => 'int', |
|
| 324 | 'stream' => 'boolean', |
|
| 325 | 'filename' => 'string', |
|
| 326 | 'sslverify' => 'boolean', |
|
| 327 | ) |
|
| 328 | ); |
|
| 329 | ||
| 330 | // unprecedingslashit |
|
| 331 | $_path = preg_replace( '/^\//', '', $path ); |
|
| 332 | ||
| 333 | // Use GET by default whereas `remote_request` uses POST |
|
| 334 | $request_method = ( isset( $filtered_args['method'] ) ) ? $filtered_args['method'] : 'GET'; |
|
| 335 | ||
| 336 | $url = sprintf( '%s://%s/%s/v%s/%s', self::protocol(), JETPACK__WPCOM_JSON_API_HOST, $base_api_path, $version, $_path ); |
|
| 337 | ||
| 338 | $validated_args = array_merge( |
|
| 339 | $filtered_args, |
|
| 340 | array( |
|
| 341 | 'url' => $url, |
|
| 342 | 'blog_id' => (int) \Jetpack_Options::get_option( 'id' ), |
|
| 343 | 'method' => $request_method, |
|
| 344 | ) |
|
| 345 | ); |
|
| 346 | ||
| 347 | return self::remote_request( $validated_args, $body ); |
|
| 348 | } |
|
| 349 | ||
| 350 | /** |
|
| 351 | * Takes an array or similar structure and recursively turns all values into strings. This is used to |
|
| 352 | * make sure that body hashes are made ith the string version, which is what will be seen after a |
|
| 353 | * server pulls up the data in the $_POST array. |
|
| 354 | * |
|
| 355 | * @param array|mixed $data |
|
| 356 | * |
|
| 357 | * @return array|string |
|
| 358 | */ |
|
| 359 | public static function _stringify_data( $data ) { |
|
| 360 | ||
| 361 | // Booleans are special, lets just makes them and explicit 1/0 instead of the 0 being an empty string. |
|
| 362 | if ( is_bool( $data ) ) { |
|
| 363 | return $data ? '1' : '0'; |
|
| 364 | } |
|
| 365 | ||
| 366 | // Cast objects into arrays. |
|
| 367 | if ( is_object( $data ) ) { |
|
| 368 | $data = (array) $data; |
|
| 369 | } |
|
| 370 | ||
| 371 | // Non arrays at this point should be just converted to strings. |
|
| 372 | if ( ! is_array( $data ) ) { |
|
| 373 | return (string) $data; |
|
| 374 | } |
|
| 375 | ||
| 376 | foreach ( $data as $key => &$value ) { |
|
| 377 | $value = self::_stringify_data( $value ); |
|
| 378 | } |
|
| 379 | ||
| 380 | return $data; |
|
| 381 | } |
|
| 382 | ||
| 383 | /** |
|
| 384 | * Gets protocol string. |
|
| 385 | * |
|
| 386 | * @return string `https` (if possible), else `http`. |
|
| 387 | */ |
|
| 388 | public static function protocol() { |
|
| 389 | /** |
|
| 390 | * Determines whether Jetpack can send outbound https requests to the WPCOM api. |
|
| 391 | * |
|
| 392 | * @since 3.6.0 |
|
| 393 | * |
|
| 394 | * @param bool $proto Defaults to true. |
|
| 395 | */ |
|
| 396 | $https = apply_filters( 'jetpack_can_make_outbound_https', true ); |
|
| 397 | ||
| 398 | return $https ? 'https' : 'http'; |
|
| 399 | } |
|
| 400 | } |
|
| 401 | ||
