enmi-conf.org: wp/wp-includes/class-wp-recovery-mode-cookie-service.php@177826044cd9 (annotated)

9 177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	1	<?php
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	2	/**
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	3	* Error Protection API: WP_Recovery_Mode_Cookie_Service class
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	4	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	5	* @package WordPress
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	6	* @since 5.2.0
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	7	*/
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	8
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	9	/**
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	10	* Core class used to set, validate, and clear cookies that identify a Recovery Mode session.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	11	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	12	* @since 5.2.0
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	13	*/
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	14	final class WP_Recovery_Mode_Cookie_Service {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	15
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	16	/**
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	17	* Checks whether the recovery mode cookie is set.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	18	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	19	* @since 5.2.0
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	20	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	21	* @return bool True if the cookie is set, false otherwise.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	22	*/
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	23	public function is_cookie_set() {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	24	return ! empty( $_COOKIE[ RECOVERY_MODE_COOKIE ] );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	25	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	26
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	27	/**
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	28	* Sets the recovery mode cookie.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	29	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	30	* This must be immediately followed by exiting the request.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	31	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	32	* @since 5.2.0
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	33	*/
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	34	public function set_cookie() {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	35
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	36	$value = $this->generate_cookie();
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	37
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	38	setcookie( RECOVERY_MODE_COOKIE, $value, 0, COOKIEPATH, COOKIE_DOMAIN, is_ssl(), true );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	39
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	40	if ( COOKIEPATH !== SITECOOKIEPATH ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	41	setcookie( RECOVERY_MODE_COOKIE, $value, 0, SITECOOKIEPATH, COOKIE_DOMAIN, is_ssl(), true );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	42	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	43	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	44
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	45	/**
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	46	* Clears the recovery mode cookie.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	47	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	48	* @since 5.2.0
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	49	*/
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	50	public function clear_cookie() {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	51	setcookie( RECOVERY_MODE_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	52	setcookie( RECOVERY_MODE_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	53	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	54
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	55	/**
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	56	* Validates the recovery mode cookie.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	57	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	58	* @since 5.2.0
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	59	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	60	* @param string $cookie Optionally specify the cookie string.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	61	* If omitted, it will be retrieved from the super global.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	62	* @return true\|WP_Error True on success, error object on failure.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	63	*/
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	64	public function validate_cookie( $cookie = '' ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	65
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	66	if ( ! $cookie ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	67	if ( empty( $_COOKIE[ RECOVERY_MODE_COOKIE ] ) ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	68	return new WP_Error( 'no_cookie', __( 'No cookie present.' ) );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	69	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	70
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	71	$cookie = $_COOKIE[ RECOVERY_MODE_COOKIE ];
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	72	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	73
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	74	$parts = $this->parse_cookie( $cookie );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	75
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	76	if ( is_wp_error( $parts ) ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	77	return $parts;
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	78	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	79
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	80	list( , $created_at, $random, $signature ) = $parts;
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	81
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	82	if ( ! ctype_digit( $created_at ) ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	83	return new WP_Error( 'invalid_created_at', __( 'Invalid cookie format.' ) );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	84	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	85
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	86	/**
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	87	* Filter the length of time a Recovery Mode cookie is valid for.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	88	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	89	* @since 5.2.0
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	90	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	91	* @param int $length Length in seconds.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	92	*/
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	93	$length = apply_filters( 'recovery_mode_cookie_length', WEEK_IN_SECONDS );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	94
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	95	if ( time() > $created_at + $length ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	96	return new WP_Error( 'expired', __( 'Cookie expired.' ) );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	97	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	98
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	99	$to_sign = sprintf( 'recovery_mode\|%s\|%s', $created_at, $random );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	100	$hashed = $this->recovery_mode_hash( $to_sign );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	101
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	102	if ( ! hash_equals( $signature, $hashed ) ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	103	return new WP_Error( 'signature_mismatch', __( 'Invalid cookie.' ) );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	104	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	105
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	106	return true;
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	107	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	108
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	109	/**
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	110	* Gets the session identifier from the cookie.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	111	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	112	* The cookie should be validated before calling this API.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	113	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	114	* @since 5.2.0
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	115	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	116	* @param string $cookie Optionally specify the cookie string.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	117	* If omitted, it will be retrieved from the super global.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	118	* @return string\|WP_Error Session ID on success, or error object on failure.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	119	*/
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	120	public function get_session_id_from_cookie( $cookie = '' ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	121	if ( ! $cookie ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	122	if ( empty( $_COOKIE[ RECOVERY_MODE_COOKIE ] ) ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	123	return new WP_Error( 'no_cookie', __( 'No cookie present.' ) );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	124	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	125
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	126	$cookie = $_COOKIE[ RECOVERY_MODE_COOKIE ];
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	127	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	128
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	129	$parts = $this->parse_cookie( $cookie );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	130	if ( is_wp_error( $parts ) ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	131	return $parts;
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	132	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	133
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	134	list( , , $random ) = $parts;
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	135
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	136	return sha1( $random );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	137	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	138
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	139	/**
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	140	* Parses the cookie into its four parts.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	141	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	142	* @since 5.2.0
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	143	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	144	* @param string $cookie Cookie content.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	145	* @return array\|WP_Error Cookie parts array, or error object on failure.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	146	*/
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	147	private function parse_cookie( $cookie ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	148	$cookie = base64_decode( $cookie );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	149	$parts = explode( '\|', $cookie );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	150
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	151	if ( 4 !== count( $parts ) ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	152	return new WP_Error( 'invalid_format', __( 'Invalid cookie format.' ) );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	153	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	154
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	155	return $parts;
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	156	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	157
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	158	/**
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	159	* Generates the recovery mode cookie value.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	160	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	161	* The cookie is a base64 encoded string with the following format:
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	162	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	163	* recovery_mode\|iat\|rand\|signature
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	164	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	165	* Where "recovery_mode" is a constant string,
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	166	* iat is the time the cookie was generated at,
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	167	* rand is a randomly generated password that is also used as a session identifier
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	168	* and signature is an hmac of the preceding 3 parts.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	169	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	170	* @since 5.2.0
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	171	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	172	* @return string Generated cookie content.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	173	*/
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	174	private function generate_cookie() {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	175	$to_sign = sprintf( 'recovery_mode\|%s\|%s', time(), wp_generate_password( 20, false ) );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	176	$signed = $this->recovery_mode_hash( $to_sign );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	177
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	178	return base64_encode( sprintf( '%s\|%s', $to_sign, $signed ) );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	179	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	180
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	181	/**
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	182	* Gets a form of `wp_hash()` specific to Recovery Mode.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	183	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	184	* We cannot use `wp_hash()` because it is defined in `pluggable.php` which is not loaded until after plugins are loaded,
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	185	* which is too late to verify the recovery mode cookie.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	186	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	187	* This tries to use the `AUTH` salts first, but if they aren't valid specific salts will be generated and stored.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	188	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	189	* @since 5.2.0
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	190	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	191	* @param string $data Data to hash.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	192	* @return string\|false The hashed $data, or false on failure.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	193	*/
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	194	private function recovery_mode_hash( $data ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	195	if ( ! defined( 'AUTH_KEY' ) \|\| AUTH_KEY === 'put your unique phrase here' ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	196	$auth_key = get_site_option( 'recovery_mode_auth_key' );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	197
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	198	if ( ! $auth_key ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	199	if ( ! function_exists( 'wp_generate_password' ) ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	200	require_once ABSPATH . WPINC . '/pluggable.php';
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	201	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	202
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	203	$auth_key = wp_generate_password( 64, true, true );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	204	update_site_option( 'recovery_mode_auth_key', $auth_key );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	205	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	206	} else {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	207	$auth_key = AUTH_KEY;
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	208	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	209
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	210	if ( ! defined( 'AUTH_SALT' ) \|\| AUTH_SALT === 'put your unique phrase here' \|\| AUTH_SALT === $auth_key ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	211	$auth_salt = get_site_option( 'recovery_mode_auth_salt' );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	212
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	213	if ( ! $auth_salt ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	214	if ( ! function_exists( 'wp_generate_password' ) ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	215	require_once ABSPATH . WPINC . '/pluggable.php';
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	216	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	217
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	218	$auth_salt = wp_generate_password( 64, true, true );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	219	update_site_option( 'recovery_mode_auth_salt', $auth_salt );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	220	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	221	} else {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	222	$auth_salt = AUTH_SALT;
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	223	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	224
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	225	$secret = $auth_key . $auth_salt;
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	226
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	227	return hash_hmac( 'sha1', $data, $secret );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	228	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	229	}

author	ymh <ymh.work@gmail.com>
	Mon, 14 Oct 2019 18:28:13 +0200
changeset 9	177826044cd9
child 16	a86126ab1dd4
permissions	-rw-r--r--