|
1 <?php |
|
2 /** |
|
3 * Error Protection API: WP_Recovery_Mode_Cookie_Service class |
|
4 * |
|
5 * @package WordPress |
|
6 * @since 5.2.0 |
|
7 */ |
|
8 |
|
9 /** |
|
10 * Core class used to set, validate, and clear cookies that identify a Recovery Mode session. |
|
11 * |
|
12 * @since 5.2.0 |
|
13 */ |
|
14 final class WP_Recovery_Mode_Cookie_Service { |
|
15 |
|
16 /** |
|
17 * Checks whether the recovery mode cookie is set. |
|
18 * |
|
19 * @since 5.2.0 |
|
20 * |
|
21 * @return bool True if the cookie is set, false otherwise. |
|
22 */ |
|
23 public function is_cookie_set() { |
|
24 return ! empty( $_COOKIE[ RECOVERY_MODE_COOKIE ] ); |
|
25 } |
|
26 |
|
27 /** |
|
28 * Sets the recovery mode cookie. |
|
29 * |
|
30 * This must be immediately followed by exiting the request. |
|
31 * |
|
32 * @since 5.2.0 |
|
33 */ |
|
34 public function set_cookie() { |
|
35 |
|
36 $value = $this->generate_cookie(); |
|
37 |
|
38 setcookie( RECOVERY_MODE_COOKIE, $value, 0, COOKIEPATH, COOKIE_DOMAIN, is_ssl(), true ); |
|
39 |
|
40 if ( COOKIEPATH !== SITECOOKIEPATH ) { |
|
41 setcookie( RECOVERY_MODE_COOKIE, $value, 0, SITECOOKIEPATH, COOKIE_DOMAIN, is_ssl(), true ); |
|
42 } |
|
43 } |
|
44 |
|
45 /** |
|
46 * Clears the recovery mode cookie. |
|
47 * |
|
48 * @since 5.2.0 |
|
49 */ |
|
50 public function clear_cookie() { |
|
51 setcookie( RECOVERY_MODE_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN ); |
|
52 setcookie( RECOVERY_MODE_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN ); |
|
53 } |
|
54 |
|
55 /** |
|
56 * Validates the recovery mode cookie. |
|
57 * |
|
58 * @since 5.2.0 |
|
59 * |
|
60 * @param string $cookie Optionally specify the cookie string. |
|
61 * If omitted, it will be retrieved from the super global. |
|
62 * @return true|WP_Error True on success, error object on failure. |
|
63 */ |
|
64 public function validate_cookie( $cookie = '' ) { |
|
65 |
|
66 if ( ! $cookie ) { |
|
67 if ( empty( $_COOKIE[ RECOVERY_MODE_COOKIE ] ) ) { |
|
68 return new WP_Error( 'no_cookie', __( 'No cookie present.' ) ); |
|
69 } |
|
70 |
|
71 $cookie = $_COOKIE[ RECOVERY_MODE_COOKIE ]; |
|
72 } |
|
73 |
|
74 $parts = $this->parse_cookie( $cookie ); |
|
75 |
|
76 if ( is_wp_error( $parts ) ) { |
|
77 return $parts; |
|
78 } |
|
79 |
|
80 list( , $created_at, $random, $signature ) = $parts; |
|
81 |
|
82 if ( ! ctype_digit( $created_at ) ) { |
|
83 return new WP_Error( 'invalid_created_at', __( 'Invalid cookie format.' ) ); |
|
84 } |
|
85 |
|
86 /** |
|
87 * Filter the length of time a Recovery Mode cookie is valid for. |
|
88 * |
|
89 * @since 5.2.0 |
|
90 * |
|
91 * @param int $length Length in seconds. |
|
92 */ |
|
93 $length = apply_filters( 'recovery_mode_cookie_length', WEEK_IN_SECONDS ); |
|
94 |
|
95 if ( time() > $created_at + $length ) { |
|
96 return new WP_Error( 'expired', __( 'Cookie expired.' ) ); |
|
97 } |
|
98 |
|
99 $to_sign = sprintf( 'recovery_mode|%s|%s', $created_at, $random ); |
|
100 $hashed = $this->recovery_mode_hash( $to_sign ); |
|
101 |
|
102 if ( ! hash_equals( $signature, $hashed ) ) { |
|
103 return new WP_Error( 'signature_mismatch', __( 'Invalid cookie.' ) ); |
|
104 } |
|
105 |
|
106 return true; |
|
107 } |
|
108 |
|
109 /** |
|
110 * Gets the session identifier from the cookie. |
|
111 * |
|
112 * The cookie should be validated before calling this API. |
|
113 * |
|
114 * @since 5.2.0 |
|
115 * |
|
116 * @param string $cookie Optionally specify the cookie string. |
|
117 * If omitted, it will be retrieved from the super global. |
|
118 * @return string|WP_Error Session ID on success, or error object on failure. |
|
119 */ |
|
120 public function get_session_id_from_cookie( $cookie = '' ) { |
|
121 if ( ! $cookie ) { |
|
122 if ( empty( $_COOKIE[ RECOVERY_MODE_COOKIE ] ) ) { |
|
123 return new WP_Error( 'no_cookie', __( 'No cookie present.' ) ); |
|
124 } |
|
125 |
|
126 $cookie = $_COOKIE[ RECOVERY_MODE_COOKIE ]; |
|
127 } |
|
128 |
|
129 $parts = $this->parse_cookie( $cookie ); |
|
130 if ( is_wp_error( $parts ) ) { |
|
131 return $parts; |
|
132 } |
|
133 |
|
134 list( , , $random ) = $parts; |
|
135 |
|
136 return sha1( $random ); |
|
137 } |
|
138 |
|
139 /** |
|
140 * Parses the cookie into its four parts. |
|
141 * |
|
142 * @since 5.2.0 |
|
143 * |
|
144 * @param string $cookie Cookie content. |
|
145 * @return array|WP_Error Cookie parts array, or error object on failure. |
|
146 */ |
|
147 private function parse_cookie( $cookie ) { |
|
148 $cookie = base64_decode( $cookie ); |
|
149 $parts = explode( '|', $cookie ); |
|
150 |
|
151 if ( 4 !== count( $parts ) ) { |
|
152 return new WP_Error( 'invalid_format', __( 'Invalid cookie format.' ) ); |
|
153 } |
|
154 |
|
155 return $parts; |
|
156 } |
|
157 |
|
158 /** |
|
159 * Generates the recovery mode cookie value. |
|
160 * |
|
161 * The cookie is a base64 encoded string with the following format: |
|
162 * |
|
163 * recovery_mode|iat|rand|signature |
|
164 * |
|
165 * Where "recovery_mode" is a constant string, |
|
166 * iat is the time the cookie was generated at, |
|
167 * rand is a randomly generated password that is also used as a session identifier |
|
168 * and signature is an hmac of the preceding 3 parts. |
|
169 * |
|
170 * @since 5.2.0 |
|
171 * |
|
172 * @return string Generated cookie content. |
|
173 */ |
|
174 private function generate_cookie() { |
|
175 $to_sign = sprintf( 'recovery_mode|%s|%s', time(), wp_generate_password( 20, false ) ); |
|
176 $signed = $this->recovery_mode_hash( $to_sign ); |
|
177 |
|
178 return base64_encode( sprintf( '%s|%s', $to_sign, $signed ) ); |
|
179 } |
|
180 |
|
181 /** |
|
182 * Gets a form of `wp_hash()` specific to Recovery Mode. |
|
183 * |
|
184 * We cannot use `wp_hash()` because it is defined in `pluggable.php` which is not loaded until after plugins are loaded, |
|
185 * which is too late to verify the recovery mode cookie. |
|
186 * |
|
187 * This tries to use the `AUTH` salts first, but if they aren't valid specific salts will be generated and stored. |
|
188 * |
|
189 * @since 5.2.0 |
|
190 * |
|
191 * @param string $data Data to hash. |
|
192 * @return string|false The hashed $data, or false on failure. |
|
193 */ |
|
194 private function recovery_mode_hash( $data ) { |
|
195 if ( ! defined( 'AUTH_KEY' ) || AUTH_KEY === 'put your unique phrase here' ) { |
|
196 $auth_key = get_site_option( 'recovery_mode_auth_key' ); |
|
197 |
|
198 if ( ! $auth_key ) { |
|
199 if ( ! function_exists( 'wp_generate_password' ) ) { |
|
200 require_once ABSPATH . WPINC . '/pluggable.php'; |
|
201 } |
|
202 |
|
203 $auth_key = wp_generate_password( 64, true, true ); |
|
204 update_site_option( 'recovery_mode_auth_key', $auth_key ); |
|
205 } |
|
206 } else { |
|
207 $auth_key = AUTH_KEY; |
|
208 } |
|
209 |
|
210 if ( ! defined( 'AUTH_SALT' ) || AUTH_SALT === 'put your unique phrase here' || AUTH_SALT === $auth_key ) { |
|
211 $auth_salt = get_site_option( 'recovery_mode_auth_salt' ); |
|
212 |
|
213 if ( ! $auth_salt ) { |
|
214 if ( ! function_exists( 'wp_generate_password' ) ) { |
|
215 require_once ABSPATH . WPINC . '/pluggable.php'; |
|
216 } |
|
217 |
|
218 $auth_salt = wp_generate_password( 64, true, true ); |
|
219 update_site_option( 'recovery_mode_auth_salt', $auth_salt ); |
|
220 } |
|
221 } else { |
|
222 $auth_salt = AUTH_SALT; |
|
223 } |
|
224 |
|
225 $secret = $auth_key . $auth_salt; |
|
226 |
|
227 return hash_hmac( 'sha1', $data, $secret ); |
|
228 } |
|
229 } |