enmi-conf.org: wp/wp-includes/class-wp-recovery-mode-cookie-service.php@417f20492bf7 (annotated)

9 177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	1	<?php
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	2	/**
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	3	* Error Protection API: WP_Recovery_Mode_Cookie_Service class
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	4	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	5	* @package WordPress
16 a86126ab1dd4 update enmi-conf ymh <ymh.work@gmail.com> parents: 9 diff changeset	6	* @since 5.2.0
9 177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	7	*/
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	8
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	9	/**
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	10	* Core class used to set, validate, and clear cookies that identify a Recovery Mode session.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	11	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	12	* @since 5.2.0
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	13	*/
21 48c4eec2b7e6 Add CLAUDE.md documentation and sync WordPress core files ymh <ymh.work@gmail.com> parents: 18 diff changeset	14	#[AllowDynamicProperties]
9 177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	15	final class WP_Recovery_Mode_Cookie_Service {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	16
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	17	/**
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	18	* Checks whether the recovery mode cookie is set.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	19	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	20	* @since 5.2.0
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	21	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	22	* @return bool True if the cookie is set, false otherwise.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	23	*/
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	24	public function is_cookie_set() {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	25	return ! empty( $_COOKIE[ RECOVERY_MODE_COOKIE ] );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	26	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	27
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	28	/**
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	29	* Sets the recovery mode cookie.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	30	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	31	* This must be immediately followed by exiting the request.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	32	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	33	* @since 5.2.0
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	34	*/
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	35	public function set_cookie() {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	36
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	37	$value = $this->generate_cookie();
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	38
16 a86126ab1dd4 update enmi-conf ymh <ymh.work@gmail.com> parents: 9 diff changeset	39	/**
18 be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: 16 diff changeset	40	* Filters the length of time a Recovery Mode cookie is valid for.
16 a86126ab1dd4 update enmi-conf ymh <ymh.work@gmail.com> parents: 9 diff changeset	41	*
a86126ab1dd4 update enmi-conf ymh <ymh.work@gmail.com> parents: 9 diff changeset	42	* @since 5.2.0
a86126ab1dd4 update enmi-conf ymh <ymh.work@gmail.com> parents: 9 diff changeset	43	*
a86126ab1dd4 update enmi-conf ymh <ymh.work@gmail.com> parents: 9 diff changeset	44	* @param int $length Length in seconds.
a86126ab1dd4 update enmi-conf ymh <ymh.work@gmail.com> parents: 9 diff changeset	45	*/
a86126ab1dd4 update enmi-conf ymh <ymh.work@gmail.com> parents: 9 diff changeset	46	$length = apply_filters( 'recovery_mode_cookie_length', WEEK_IN_SECONDS );
18 be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: 16 diff changeset	47
16 a86126ab1dd4 update enmi-conf ymh <ymh.work@gmail.com> parents: 9 diff changeset	48	$expire = time() + $length;
a86126ab1dd4 update enmi-conf ymh <ymh.work@gmail.com> parents: 9 diff changeset	49
a86126ab1dd4 update enmi-conf ymh <ymh.work@gmail.com> parents: 9 diff changeset	50	setcookie( RECOVERY_MODE_COOKIE, $value, $expire, COOKIEPATH, COOKIE_DOMAIN, is_ssl(), true );
9 177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	51
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	52	if ( COOKIEPATH !== SITECOOKIEPATH ) {
16 a86126ab1dd4 update enmi-conf ymh <ymh.work@gmail.com> parents: 9 diff changeset	53	setcookie( RECOVERY_MODE_COOKIE, $value, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, is_ssl(), true );
9 177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	54	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	55	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	56
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	57	/**
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	58	* Clears the recovery mode cookie.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	59	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	60	* @since 5.2.0
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	61	*/
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	62	public function clear_cookie() {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	63	setcookie( RECOVERY_MODE_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	64	setcookie( RECOVERY_MODE_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	65	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	66
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	67	/**
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	68	* Validates the recovery mode cookie.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	69	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	70	* @since 5.2.0
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	71	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	72	* @param string $cookie Optionally specify the cookie string.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	73	* If omitted, it will be retrieved from the super global.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	74	* @return true\|WP_Error True on success, error object on failure.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	75	*/
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	76	public function validate_cookie( $cookie = '' ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	77
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	78	if ( ! $cookie ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	79	if ( empty( $_COOKIE[ RECOVERY_MODE_COOKIE ] ) ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	80	return new WP_Error( 'no_cookie', __( 'No cookie present.' ) );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	81	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	82
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	83	$cookie = $_COOKIE[ RECOVERY_MODE_COOKIE ];
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	84	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	85
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	86	$parts = $this->parse_cookie( $cookie );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	87
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	88	if ( is_wp_error( $parts ) ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	89	return $parts;
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	90	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	91
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	92	list( , $created_at, $random, $signature ) = $parts;
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	93
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	94	if ( ! ctype_digit( $created_at ) ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	95	return new WP_Error( 'invalid_created_at', __( 'Invalid cookie format.' ) );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	96	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	97
16 a86126ab1dd4 update enmi-conf ymh <ymh.work@gmail.com> parents: 9 diff changeset	98	/** This filter is documented in wp-includes/class-wp-recovery-mode-cookie-service.php */
9 177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	99	$length = apply_filters( 'recovery_mode_cookie_length', WEEK_IN_SECONDS );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	100
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	101	if ( time() > $created_at + $length ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	102	return new WP_Error( 'expired', __( 'Cookie expired.' ) );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	103	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	104
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	105	$to_sign = sprintf( 'recovery_mode\|%s\|%s', $created_at, $random );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	106	$hashed = $this->recovery_mode_hash( $to_sign );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	107
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	108	if ( ! hash_equals( $signature, $hashed ) ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	109	return new WP_Error( 'signature_mismatch', __( 'Invalid cookie.' ) );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	110	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	111
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	112	return true;
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	113	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	114
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	115	/**
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	116	* Gets the session identifier from the cookie.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	117	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	118	* The cookie should be validated before calling this API.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	119	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	120	* @since 5.2.0
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	121	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	122	* @param string $cookie Optionally specify the cookie string.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	123	* If omitted, it will be retrieved from the super global.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	124	* @return string\|WP_Error Session ID on success, or error object on failure.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	125	*/
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	126	public function get_session_id_from_cookie( $cookie = '' ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	127	if ( ! $cookie ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	128	if ( empty( $_COOKIE[ RECOVERY_MODE_COOKIE ] ) ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	129	return new WP_Error( 'no_cookie', __( 'No cookie present.' ) );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	130	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	131
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	132	$cookie = $_COOKIE[ RECOVERY_MODE_COOKIE ];
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	133	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	134
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	135	$parts = $this->parse_cookie( $cookie );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	136	if ( is_wp_error( $parts ) ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	137	return $parts;
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	138	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	139
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	140	list( , , $random ) = $parts;
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	141
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	142	return sha1( $random );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	143	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	144
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	145	/**
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	146	* Parses the cookie into its four parts.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	147	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	148	* @since 5.2.0
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	149	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	150	* @param string $cookie Cookie content.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	151	* @return array\|WP_Error Cookie parts array, or error object on failure.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	152	*/
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	153	private function parse_cookie( $cookie ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	154	$cookie = base64_decode( $cookie );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	155	$parts = explode( '\|', $cookie );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	156
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	157	if ( 4 !== count( $parts ) ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	158	return new WP_Error( 'invalid_format', __( 'Invalid cookie format.' ) );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	159	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	160
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	161	return $parts;
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	162	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	163
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	164	/**
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	165	* Generates the recovery mode cookie value.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	166	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	167	* The cookie is a base64 encoded string with the following format:
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	168	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	169	* recovery_mode\|iat\|rand\|signature
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	170	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	171	* Where "recovery_mode" is a constant string,
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	172	* iat is the time the cookie was generated at,
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	173	* rand is a randomly generated password that is also used as a session identifier
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	174	* and signature is an hmac of the preceding 3 parts.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	175	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	176	* @since 5.2.0
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	177	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	178	* @return string Generated cookie content.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	179	*/
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	180	private function generate_cookie() {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	181	$to_sign = sprintf( 'recovery_mode\|%s\|%s', time(), wp_generate_password( 20, false ) );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	182	$signed = $this->recovery_mode_hash( $to_sign );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	183
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	184	return base64_encode( sprintf( '%s\|%s', $to_sign, $signed ) );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	185	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	186
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	187	/**
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	188	* Gets a form of `wp_hash()` specific to Recovery Mode.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	189	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	190	* We cannot use `wp_hash()` because it is defined in `pluggable.php` which is not loaded until after plugins are loaded,
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	191	* which is too late to verify the recovery mode cookie.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	192	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	193	* This tries to use the `AUTH` salts first, but if they aren't valid specific salts will be generated and stored.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	194	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	195	* @since 5.2.0
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	196	*
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	197	* @param string $data Data to hash.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	198	* @return string\|false The hashed $data, or false on failure.
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	199	*/
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	200	private function recovery_mode_hash( $data ) {
21 48c4eec2b7e6 Add CLAUDE.md documentation and sync WordPress core files ymh <ymh.work@gmail.com> parents: 18 diff changeset	201	$default_keys = array_unique(
48c4eec2b7e6 Add CLAUDE.md documentation and sync WordPress core files ymh <ymh.work@gmail.com> parents: 18 diff changeset	202	array(
48c4eec2b7e6 Add CLAUDE.md documentation and sync WordPress core files ymh <ymh.work@gmail.com> parents: 18 diff changeset	203	'put your unique phrase here',
48c4eec2b7e6 Add CLAUDE.md documentation and sync WordPress core files ymh <ymh.work@gmail.com> parents: 18 diff changeset	204	/*
48c4eec2b7e6 Add CLAUDE.md documentation and sync WordPress core files ymh <ymh.work@gmail.com> parents: 18 diff changeset	205	* translators: This string should only be translated if wp-config-sample.php is localized.
48c4eec2b7e6 Add CLAUDE.md documentation and sync WordPress core files ymh <ymh.work@gmail.com> parents: 18 diff changeset	206	* You can check the localized release package or
48c4eec2b7e6 Add CLAUDE.md documentation and sync WordPress core files ymh <ymh.work@gmail.com> parents: 18 diff changeset	207	* https://i18n.svn.wordpress.org/<locale code>/branches/<wp version>/dist/wp-config-sample.php
48c4eec2b7e6 Add CLAUDE.md documentation and sync WordPress core files ymh <ymh.work@gmail.com> parents: 18 diff changeset	208	*/
48c4eec2b7e6 Add CLAUDE.md documentation and sync WordPress core files ymh <ymh.work@gmail.com> parents: 18 diff changeset	209	__( 'put your unique phrase here' ),
48c4eec2b7e6 Add CLAUDE.md documentation and sync WordPress core files ymh <ymh.work@gmail.com> parents: 18 diff changeset	210	)
48c4eec2b7e6 Add CLAUDE.md documentation and sync WordPress core files ymh <ymh.work@gmail.com> parents: 18 diff changeset	211	);
48c4eec2b7e6 Add CLAUDE.md documentation and sync WordPress core files ymh <ymh.work@gmail.com> parents: 18 diff changeset	212
48c4eec2b7e6 Add CLAUDE.md documentation and sync WordPress core files ymh <ymh.work@gmail.com> parents: 18 diff changeset	213	if ( ! defined( 'AUTH_KEY' ) \|\| in_array( AUTH_KEY, $default_keys, true ) ) {
9 177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	214	$auth_key = get_site_option( 'recovery_mode_auth_key' );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	215
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	216	if ( ! $auth_key ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	217	if ( ! function_exists( 'wp_generate_password' ) ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	218	require_once ABSPATH . WPINC . '/pluggable.php';
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	219	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	220
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	221	$auth_key = wp_generate_password( 64, true, true );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	222	update_site_option( 'recovery_mode_auth_key', $auth_key );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	223	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	224	} else {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	225	$auth_key = AUTH_KEY;
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	226	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	227
21 48c4eec2b7e6 Add CLAUDE.md documentation and sync WordPress core files ymh <ymh.work@gmail.com> parents: 18 diff changeset	228	if ( ! defined( 'AUTH_SALT' ) \|\| in_array( AUTH_SALT, $default_keys, true ) \|\| AUTH_SALT === $auth_key ) {
9 177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	229	$auth_salt = get_site_option( 'recovery_mode_auth_salt' );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	230
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	231	if ( ! $auth_salt ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	232	if ( ! function_exists( 'wp_generate_password' ) ) {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	233	require_once ABSPATH . WPINC . '/pluggable.php';
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	234	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	235
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	236	$auth_salt = wp_generate_password( 64, true, true );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	237	update_site_option( 'recovery_mode_auth_salt', $auth_salt );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	238	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	239	} else {
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	240	$auth_salt = AUTH_SALT;
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	241	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	242
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	243	$secret = $auth_key . $auth_salt;
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	244
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	245	return hash_hmac( 'sha1', $data, $secret );
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	246	}
177826044cd9 upgrade wordpress to 5.2.3 ymh <ymh.work@gmail.com> parents: diff changeset	247	}

author	ymh <ymh.work@gmail.com>
	Mon, 08 Sep 2025 19:44:41 +0200
changeset 23	417f20492bf7
parent 21	48c4eec2b7e6
permissions	-rw-r--r--