| @@ 252-286 (lines=35) @@ | ||
| 249 | * |
|
| 250 | * @return bool |
|
| 251 | */ |
|
| 252 | public static function is_request_signed_by_jetpack_debugger() { |
|
| 253 | // phpcs:disable WordPress.Security.NonceVerification.Recommended |
|
| 254 | if ( ! isset( $_GET['signature'], $_GET['timestamp'], $_GET['url'] ) ) { |
|
| 255 | return false; |
|
| 256 | } |
|
| 257 | $signature = base64_decode( $_GET['signature'] ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode |
|
| 258 | ||
| 259 | $signature_data = wp_json_encode( |
|
| 260 | array( |
|
| 261 | 'rest_route' => $_GET['rest_route'], |
|
| 262 | 'timestamp' => (int) $_GET['timestamp'], |
|
| 263 | 'url' => wp_unslash( $_GET['url'] ), |
|
| 264 | ) |
|
| 265 | ); |
|
| 266 | ||
| 267 | if ( |
|
| 268 | ! function_exists( 'openssl_verify' ) |
|
| 269 | || 1 !== openssl_verify( |
|
| 270 | $signature_data, |
|
| 271 | $signature, |
|
| 272 | static::JETPACK__DEBUGGER_PUBLIC_KEY |
|
| 273 | ) |
|
| 274 | ) { |
|
| 275 | return false; |
|
| 276 | } |
|
| 277 | ||
| 278 | // signature timestamp must be within 5min of current time. |
|
| 279 | if ( abs( time() - (int) $_GET['timestamp'] ) > 300 ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended |
|
| 280 | return false; |
|
| 281 | } |
|
| 282 | ||
| 283 | // phpcs:enable WordPress.Security.NonceVerification.Recommended |
|
| 284 | ||
| 285 | return true; |
|
| 286 | } |
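Review bot: The `isset` guard at line 254 covers `signature`, `timestamp` and `url` but not `rest_route`, which line 261 reads unconditionally, so a request without that parameter raises an undefined-index notice and signs `null` into the payload instead of being rejected up front; extend the guard to `if ( ! isset( $_GET['signature'], $_GET['timestamp'], $_GET['url'], $_GET['rest_route'] ) ) {`. The same gap is in `view_jetpack_connection_test_check` at line 1344 in the second hunk. Decoding with `base64_decode( $_GET['signature'], true )` rejects malformed signatures explicitly rather than silently stripping invalid characters before verification, and moving the 5-minute freshness check from line 279 ahead of `openssl_verify` turns away stale requests before the comparatively expensive public-key operation. Since no algorithm argument is passed, `openssl_verify` uses its SHA-1 default; whether a stronger digest can be selected depends on what the signing side emits, which is outside this hunk. Nothing in this method compares the signed `url` with the site's own address, so if no caller does that, a signature issued for one site would be accepted by another during its 5-minute window — worth confirming and documenting in the docblock either way.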
|
| 287 | ||
| 288 | /** |
|
| 289 | * Verify that user is allowed to disconnect Jetpack. |
|
| @@ 1343-1374 (lines=32) @@ | ||
| 1340 | * |
|
| 1341 | * @return bool |
|
| 1342 | */ |
|
| 1343 | public static function view_jetpack_connection_test_check() { |
|
| 1344 | if ( ! isset( $_GET['signature'], $_GET['timestamp'], $_GET['url'] ) ) { |
|
| 1345 | return false; |
|
| 1346 | } |
|
| 1347 | $signature = base64_decode( $_GET['signature'] ); |
|
| 1348 | ||
| 1349 | $signature_data = wp_json_encode( |
|
| 1350 | array( |
|
| 1351 | 'rest_route' => $_GET['rest_route'], |
|
| 1352 | 'timestamp' => (int) $_GET['timestamp'], |
|
| 1353 | 'url' => wp_unslash( $_GET['url'] ), |
|
| 1354 | ) |
|
| 1355 | ); |
|
| 1356 | ||
| 1357 | if ( |
|
| 1358 | ! function_exists( 'openssl_verify' ) |
|
| 1359 | || 1 !== openssl_verify( |
|
| 1360 | $signature_data, |
|
| 1361 | $signature, |
|
| 1362 | JETPACK__DEBUGGER_PUBLIC_KEY |
|
| 1363 | ) |
|
| 1364 | ) { |
|
| 1365 | return false; |
|
| 1366 | } |
|
| 1367 | ||
| 1368 | // signature timestamp must be within 5min of current time |
|
| 1369 | if ( abs( time() - (int) $_GET['timestamp'] ) > 300 ) { |
|
| 1370 | return false; |
|
| 1371 | } |
|
| 1372 | ||
| 1373 | return true; |
|
| 1374 | } |
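Review bot: `view_jetpack_connection_test_check` at line 1343 re-implements the signature, key and timestamp checks of `is_request_signed_by_jetpack_debugger` line for line, differing only in reading the global `JETPACK__DEBUGGER_PUBLIC_KEY` at line 1362 instead of `static::JETPACK__DEBUGGER_PUBLIC_KEY`, so the two copies can drift and any hardening applied to one is silently missed by the other. Unless the two key constants are intentionally different, the body should reduce to `return static::is_request_signed_by_jetpack_debugger();` so the trust decision lives in one audited place. If they really are separate keys, a docblock sentence stating which key each method trusts and why would keep a later cleanup from merging them by mistake. Both are `public static` methods that appear to sit in the same class file, but the class header is outside both hunks, so confirm before delegating.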
|
| 1375 | ||
| 1376 | /** |
|
| 1377 | * Test connection status for this Jetpack site, encrypt the results for decryption by a third-party. |
|