Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
71.57% |
282 / 394 |
|
41.67% |
15 / 36 |
CRAP | |
0.00% |
0 / 1 |
| Identity_Crisis | |
71.57% |
282 / 394 |
|
41.67% |
15 / 36 |
878.46 | |
0.00% |
0 / 1 |
| init | |
100.00% |
3 / 3 |
|
100.00% |
1 / 1 |
2 | |||
| __construct | |
87.50% |
14 / 16 |
|
0.00% |
0 / 1 |
2.01 | |||
| do_jetpack_idc_disconnect | |
0.00% |
0 / 6 |
|
0.00% |
0 / 1 |
6 | |||
| jetpack_connection_disconnect_site_wpcom_filter | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
| maybe_clear_migrate_option | |
0.00% |
0 / 8 |
|
0.00% |
0 / 1 |
90 | |||
| wordpress_init | |
0.00% |
0 / 8 |
|
0.00% |
0 / 1 |
30 | |||
| add_idc_query_args_to_url | |
90.48% |
19 / 21 |
|
0.00% |
0 / 1 |
8.06 | |||
| display_admin_bar_button | |
0.00% |
0 / 24 |
|
0.00% |
0 / 1 |
20 | |||
| check_identity_crisis | |
100.00% |
4 / 4 |
|
100.00% |
1 / 1 |
4 | |||
| check_http_response_for_idc_detected | |
100.00% |
8 / 8 |
|
100.00% |
1 / 1 |
4 | |||
| check_response_for_idc | |
100.00% |
12 / 12 |
|
100.00% |
1 / 1 |
4 | |||
| get_idc_option_with_preserved_timing | |
100.00% |
7 / 7 |
|
100.00% |
1 / 1 |
4 | |||
| get_valid_delay_from_existing_idc | |
87.50% |
7 / 8 |
|
0.00% |
0 / 1 |
5.05 | |||
| has_same_wpcom_urls | |
90.91% |
10 / 11 |
|
0.00% |
0 / 1 |
8.05 | |||
| clear_all_idc_options | |
81.82% |
9 / 11 |
|
0.00% |
0 / 1 |
2.02 | |||
| validate_sync_error_idc_option | |
96.00% |
24 / 25 |
|
0.00% |
0 / 1 |
20 | |||
| reverse_wpcom_urls_for_idc | |
100.00% |
6 / 6 |
|
100.00% |
1 / 1 |
4 | |||
| should_remote_validate_idc | |
80.00% |
8 / 10 |
|
0.00% |
0 / 1 |
5.20 | |||
| remote_validate_idc | |
91.67% |
55 / 60 |
|
0.00% |
0 / 1 |
15.13 | |||
| invalidate_idc_option_cache | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
| normalize_url_protocol_agnostic | |
36.36% |
4 / 11 |
|
0.00% |
0 / 1 |
8.12 | |||
| get_sync_error_idc_option | |
95.65% |
22 / 23 |
|
0.00% |
0 / 1 |
7 | |||
| should_handle_idc | |
100.00% |
4 / 4 |
|
100.00% |
1 / 1 |
3 | |||
| has_identity_crisis | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
2 | |||
| safe_mode_is_confirmed | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
| get_mismatched_urls | |
100.00% |
19 / 19 |
|
100.00% |
1 / 1 |
9 | |||
| detect_possible_dynamic_site_url | |
0.00% |
0 / 16 |
|
0.00% |
0 / 1 |
30 | |||
| locate_wp_config | |
0.00% |
0 / 12 |
|
0.00% |
0 / 1 |
72 | |||
| add_secret_to_url_validation_response | |
80.00% |
8 / 10 |
|
0.00% |
0 / 1 |
4.13 | |||
| url_is_ip | |
75.00% |
3 / 4 |
|
0.00% |
0 / 1 |
3.14 | |||
| register_request_body | |
100.00% |
5 / 5 |
|
100.00% |
1 / 1 |
2 | |||
| site_registered | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
| maybe_update_ip_requester | |
0.00% |
0 / 3 |
|
0.00% |
0 / 1 |
12 | |||
| set_ip_requester_for_idc | |
95.00% |
19 / 20 |
|
0.00% |
0 / 1 |
7 | |||
| update_ip_requester | |
100.00% |
4 / 4 |
|
100.00% |
1 / 1 |
2 | |||
| add_ip_requester_to_url_validation_response | |
30.00% |
3 / 10 |
|
0.00% |
0 / 1 |
13.57 | |||
| 1 | <?php |
| 2 | /** |
| 3 | * Identity_Crisis class of the Connection package. |
| 4 | * |
| 5 | * @package automattic/jetpack-connection |
| 6 | */ |
| 7 | |
| 8 | namespace Automattic\Jetpack; |
| 9 | |
| 10 | use Automattic\Jetpack\Connection\Client; |
| 11 | use Automattic\Jetpack\Connection\Manager as Connection_Manager; |
| 12 | use Automattic\Jetpack\Connection\Urls; |
| 13 | use Automattic\Jetpack\IdentityCrisis\Exception; |
| 14 | use Automattic\Jetpack\IdentityCrisis\UI; |
| 15 | use Automattic\Jetpack\IdentityCrisis\URL_Secret; |
| 16 | use Jetpack_Options; |
| 17 | use WP_Error; |
| 18 | |
| 19 | /** |
| 20 | * This class will handle everything involved with fixing an Identity Crisis. |
| 21 | * |
| 22 | * @since automattic/jetpack-identity-crisis:0.2.0 |
| 23 | * @since-jetpack 4.4.0 |
| 24 | * @since 2.9.0 |
| 25 | */ |
| 26 | class Identity_Crisis { |
| 27 | /** |
| 28 | * Persistent WPCOM blog ID that stays in the options after disconnect. |
| 29 | */ |
| 30 | const PERSISTENT_BLOG_ID_OPTION_NAME = 'jetpack_persistent_blog_id'; |
| 31 | |
| 32 | /** |
| 33 | * Initial delay for IDC validation in seconds (1 hour). |
| 34 | */ |
| 35 | const IDC_VALIDATION_INITIAL_DELAY = 3600; |
| 36 | |
| 37 | /** |
| 38 | * Maximum delay for IDC validation in seconds (30 days). |
| 39 | */ |
| 40 | const IDC_VALIDATION_MAX_DELAY = 2592000; |
| 41 | |
| 42 | /** |
| 43 | * Instance of the object. |
| 44 | * |
| 45 | * @var Identity_Crisis |
| 46 | **/ |
| 47 | private static $instance = null; |
| 48 | |
| 49 | /** |
| 50 | * The wpcom value of the home URL. |
| 51 | * |
| 52 | * @var string |
| 53 | */ |
| 54 | public static $wpcom_home_url; |
| 55 | |
| 56 | /** |
| 57 | * Has safe mode been confirmed? |
| 58 | * Beware, it never contains `true` for non-admins, so doesn't always reflect the actual value. |
| 59 | * |
| 60 | * @var bool |
| 61 | */ |
| 62 | public static $is_safe_mode_confirmed; |
| 63 | |
| 64 | /** |
| 65 | * The current screen, which is set if the current user is a non-admin and this is an admin page. |
| 66 | * |
| 67 | * @var \WP_Screen |
| 68 | */ |
| 69 | public static $current_screen; |
| 70 | |
| 71 | /** |
| 72 | * Initializer. |
| 73 | * |
| 74 | * @return object |
| 75 | */ |
| 76 | public static function init() { |
| 77 | if ( self::$instance === null ) { |
| 78 | self::$instance = new Identity_Crisis(); |
| 79 | } |
| 80 | |
| 81 | return self::$instance; |
| 82 | } |
| 83 | |
| 84 | /** |
| 85 | * Class constructor. |
| 86 | * |
| 87 | * @return void |
| 88 | */ |
| 89 | private function __construct() { |
| 90 | add_action( 'jetpack_sync_processed_actions', array( $this, 'maybe_clear_migrate_option' ) ); |
| 91 | add_action( 'rest_api_init', array( 'Automattic\\Jetpack\\IdentityCrisis\\REST_Endpoints', 'initialize_rest_api' ) ); |
| 92 | add_action( 'jetpack_idc_disconnect', array( __CLASS__, 'do_jetpack_idc_disconnect' ) ); |
| 93 | add_action( 'jetpack_received_remote_request_response', array( $this, 'check_http_response_for_idc_detected' ) ); |
| 94 | |
| 95 | add_filter( 'jetpack_connection_disconnect_site_wpcom', array( __CLASS__, 'jetpack_connection_disconnect_site_wpcom_filter' ) ); |
| 96 | |
| 97 | add_filter( 'jetpack_remote_request_url', array( $this, 'add_idc_query_args_to_url' ) ); |
| 98 | |
| 99 | add_filter( 'jetpack_connection_validate_urls_for_idc_mitigation_response', array( static::class, 'add_secret_to_url_validation_response' ) ); |
| 100 | add_filter( 'jetpack_connection_validate_urls_for_idc_mitigation_response', array( static::class, 'add_ip_requester_to_url_validation_response' ) ); |
| 101 | |
| 102 | add_filter( 'jetpack_options', array( static::class, 'reverse_wpcom_urls_for_idc' ) ); |
| 103 | |
| 104 | add_filter( 'jetpack_register_request_body', array( static::class, 'register_request_body' ) ); |
| 105 | add_action( 'jetpack_site_registered', array( static::class, 'site_registered' ) ); |
| 106 | |
| 107 | $urls_in_crisis = self::check_identity_crisis(); |
| 108 | if ( false === $urls_in_crisis ) { |
| 109 | return; |
| 110 | } |
| 111 | |
| 112 | self::$wpcom_home_url = $urls_in_crisis['wpcom_home']; |
| 113 | add_action( 'init', array( $this, 'wordpress_init' ) ); |
| 114 | } |
| 115 | |
| 116 | /** |
| 117 | * Disconnect current connection and clear IDC options. |
| 118 | */ |
| 119 | public static function do_jetpack_idc_disconnect() { |
| 120 | $connection = new Connection_Manager(); |
| 121 | |
| 122 | // If the site is in an IDC because sync is not allowed, |
| 123 | // let's make sure to not disconnect the production site. |
| 124 | if ( ! self::validate_sync_error_idc_option() ) { |
| 125 | $connection->disconnect_site( true ); |
| 126 | } else { |
| 127 | $connection->disconnect_site( false ); |
| 128 | } |
| 129 | |
| 130 | delete_option( static::PERSISTENT_BLOG_ID_OPTION_NAME ); |
| 131 | |
| 132 | // Clear IDC options. |
| 133 | self::clear_all_idc_options(); |
| 134 | } |
| 135 | |
| 136 | /** |
| 137 | * Filter to prevent site from disconnecting from WPCOM if it's in an IDC. |
| 138 | * |
| 139 | * @see jetpack_connection_disconnect_site_wpcom filter. |
| 140 | * |
| 141 | * @return bool False if the site is in IDC, true otherwise. |
| 142 | */ |
| 143 | public static function jetpack_connection_disconnect_site_wpcom_filter() { |
| 144 | return ! self::validate_sync_error_idc_option(); |
| 145 | } |
| 146 | |
| 147 | /** |
| 148 | * This method loops through the array of processed items from sync and checks if one of the items was the |
| 149 | * home_url or site_url callable. If so, then we delete the jetpack_migrate_for_idc option. |
| 150 | * |
| 151 | * @param array $processed_items Array of processed items that were synced to WordPress.com. |
| 152 | */ |
| 153 | public function maybe_clear_migrate_option( $processed_items ) { |
| 154 | foreach ( (array) $processed_items as $item ) { |
| 155 | |
| 156 | // First, is this item a jetpack_sync_callable action? If so, then proceed. |
| 157 | $callable_args = ( is_array( $item ) && isset( $item[0] ) && isset( $item[1] ) && 'jetpack_sync_callable' === $item[0] ) |
| 158 | ? $item[1] |
| 159 | : null; |
| 160 | |
| 161 | // Second, if $callable_args is set, check if the callable was home_url or site_url. If so, |
| 162 | // clear the migrate option. |
| 163 | if ( |
| 164 | isset( $callable_args[0] ) |
| 165 | && ( 'home_url' === $callable_args[0] || 'site_url' === $callable_args[1] ) |
| 166 | ) { |
| 167 | Jetpack_Options::delete_option( 'migrate_for_idc' ); |
| 168 | break; |
| 169 | } |
| 170 | } |
| 171 | } |
| 172 | |
| 173 | /** |
| 174 | * WordPress init. |
| 175 | * |
| 176 | * @return void |
| 177 | */ |
| 178 | public function wordpress_init() { |
| 179 | if ( current_user_can( 'jetpack_disconnect' ) ) { |
| 180 | if ( |
| 181 | isset( $_GET['jetpack_idc_clear_confirmation'] ) && isset( $_GET['_wpnonce'] ) && |
| 182 | wp_verify_nonce( $_GET['_wpnonce'], 'jetpack_idc_clear_confirmation' ) // phpcs:ignore WordPress.Security.ValidatedSanitizedInput -- WordPress core doesn't unslash or verify nonces either. |
| 183 | ) { |
| 184 | Jetpack_Options::delete_option( 'safe_mode_confirmed' ); |
| 185 | self::$is_safe_mode_confirmed = false; |
| 186 | } else { |
| 187 | self::$is_safe_mode_confirmed = (bool) Jetpack_Options::get_option( 'safe_mode_confirmed' ); |
| 188 | } |
| 189 | } |
| 190 | |
| 191 | // 121 Priority so that it's the most inner Jetpack item in the admin bar. |
| 192 | add_action( 'admin_bar_menu', array( $this, 'display_admin_bar_button' ), 121 ); |
| 193 | |
| 194 | UI::init(); |
| 195 | } |
| 196 | |
| 197 | /** |
| 198 | * Add the idc query arguments to the url. |
| 199 | * |
| 200 | * @param string $url The remote request url. |
| 201 | */ |
| 202 | public function add_idc_query_args_to_url( $url ) { |
| 203 | $status = new Status(); |
| 204 | if ( ! is_string( $url ) |
| 205 | || $status->is_offline_mode() |
| 206 | || self::validate_sync_error_idc_option() ) { |
| 207 | return $url; |
| 208 | } |
| 209 | $home_url = Urls::home_url(); |
| 210 | $site_url = Urls::site_url(); |
| 211 | $hostname = wp_parse_url( $site_url, PHP_URL_HOST ); |
| 212 | |
| 213 | // If request is from an IP, make sure ip_requester option is set |
| 214 | if ( self::url_is_ip( $hostname ) ) { |
| 215 | self::maybe_update_ip_requester( $hostname ); |
| 216 | } |
| 217 | |
| 218 | $query_args = array( |
| 219 | 'home' => $home_url, |
| 220 | 'siteurl' => $site_url, |
| 221 | ); |
| 222 | |
| 223 | if ( self::should_handle_idc() ) { |
| 224 | $query_args['idc'] = true; |
| 225 | } |
| 226 | |
| 227 | if ( \Jetpack_Options::get_option( 'migrate_for_idc', false ) ) { |
| 228 | $query_args['migrate_for_idc'] = true; |
| 229 | } |
| 230 | |
| 231 | if ( is_multisite() ) { |
| 232 | $query_args['multisite'] = true; |
| 233 | } |
| 234 | |
| 235 | return add_query_arg( $query_args, $url ); |
| 236 | } |
| 237 | |
| 238 | /** |
| 239 | * Renders the admin bar button. |
| 240 | * |
| 241 | * @return void |
| 242 | */ |
| 243 | public function display_admin_bar_button() { |
| 244 | global $wp_admin_bar; |
| 245 | |
| 246 | $href = is_admin() |
| 247 | ? add_query_arg( 'jetpack_idc_clear_confirmation', '1' ) |
| 248 | : add_query_arg( 'jetpack_idc_clear_confirmation', '1', admin_url() ); |
| 249 | |
| 250 | $href = wp_nonce_url( $href, 'jetpack_idc_clear_confirmation' ); |
| 251 | |
| 252 | $consumer_data = UI::get_consumer_data(); |
| 253 | $label = isset( $consumer_data['customContent']['adminBarSafeModeLabel'] ) |
| 254 | ? esc_html( $consumer_data['customContent']['adminBarSafeModeLabel'] ) |
| 255 | : esc_html__( 'Jetpack Safe Mode', 'jetpack-connection' ); |
| 256 | |
| 257 | $title = sprintf( |
| 258 | '<span class="jp-idc-admin-bar">%s %s</span>', |
| 259 | '<span class="dashicons dashicons-info-outline"></span>', |
| 260 | $label |
| 261 | ); |
| 262 | |
| 263 | $menu = array( |
| 264 | 'id' => 'jetpack-idc', |
| 265 | 'title' => $title, |
| 266 | 'href' => esc_url( $href ), |
| 267 | 'parent' => 'top-secondary', |
| 268 | ); |
| 269 | |
| 270 | if ( ! self::$is_safe_mode_confirmed ) { |
| 271 | $menu['meta'] = array( |
| 272 | 'class' => 'hide', |
| 273 | ); |
| 274 | } |
| 275 | |
| 276 | $wp_admin_bar->add_node( $menu ); |
| 277 | } |
| 278 | |
| 279 | /** |
| 280 | * Checks if the site is currently in an identity crisis. |
| 281 | * |
| 282 | * @return array|bool Array of options that are in a crisis, or false if everything is OK. |
| 283 | */ |
| 284 | public static function check_identity_crisis() { |
| 285 | $connection = new Connection_Manager( 'jetpack' ); |
| 286 | |
| 287 | if ( ! $connection->is_connected() || ( new Status() )->is_offline_mode() || ! self::validate_sync_error_idc_option() ) { |
| 288 | return false; |
| 289 | } |
| 290 | return Jetpack_Options::get_option( 'sync_error_idc' ); |
| 291 | } |
| 292 | |
| 293 | /** |
| 294 | * Checks the HTTP response body for the 'idc_detected' key. If the key exists, |
| 295 | * checks the idc_detected value for a valid idc error. |
| 296 | * |
| 297 | * @param array|WP_Error $http_response The HTTP response. |
| 298 | * |
| 299 | * @return bool Whether the site is in an identity crisis. |
| 300 | */ |
| 301 | public function check_http_response_for_idc_detected( $http_response ) { |
| 302 | if ( ! is_array( $http_response ) ) { |
| 303 | return false; |
| 304 | } |
| 305 | $response_body = json_decode( wp_remote_retrieve_body( $http_response ), true ); |
| 306 | |
| 307 | if ( isset( $response_body['idc_detected'] ) ) { |
| 308 | return $this->check_response_for_idc( $response_body['idc_detected'] ); |
| 309 | } |
| 310 | |
| 311 | if ( isset( $response_body['migrated_for_idc'] ) ) { |
| 312 | Jetpack_Options::delete_option( 'migrate_for_idc' ); |
| 313 | } |
| 314 | |
| 315 | return false; |
| 316 | } |
| 317 | |
| 318 | /** |
| 319 | * Checks the WPCOM response to determine if the site is in an identity crisis. Updates the |
| 320 | * sync_error_idc option if it is. |
| 321 | * |
| 322 | * @param array $response The response data. |
| 323 | * |
| 324 | * @return bool Whether the site is in an identity crisis. |
| 325 | */ |
| 326 | public function check_response_for_idc( $response ) { |
| 327 | if ( is_array( $response ) && isset( $response['error_code'] ) ) { |
| 328 | $error_code = $response['error_code']; |
| 329 | $allowed_idc_error_codes = array( |
| 330 | 'jetpack_url_mismatch', |
| 331 | 'jetpack_home_url_mismatch', |
| 332 | 'jetpack_site_url_mismatch', |
| 333 | ); |
| 334 | |
| 335 | if ( in_array( $error_code, $allowed_idc_error_codes, true ) ) { |
| 336 | // This is a defensive fallback. |
| 337 | $new_idc_data = self::get_idc_option_with_preserved_timing( $response ); |
| 338 | Jetpack_Options::update_option( 'sync_error_idc', $new_idc_data ); |
| 339 | } |
| 340 | |
| 341 | return true; |
| 342 | } |
| 343 | |
| 344 | return false; |
| 345 | } |
| 346 | |
| 347 | /** |
| 348 | * Gets IDC option data with timing preserved from existing option if appropriate. |
| 349 | * |
| 350 | * This is a defensive fallback for edge cases where IDC errors are repeatedly detected |
| 351 | * even though the site should be in IDC mode. However, edge cases can cause the option |
| 352 | * to be deleted, triggering new IDC detections. |
| 353 | * |
| 354 | * @param array $response The IDC error response from WordPress.com. |
| 355 | * |
| 356 | * @return array The IDC option data, with timing preserved if the wpcom URLs match. |
| 357 | */ |
| 358 | private static function get_idc_option_with_preserved_timing( $response ) { |
| 359 | // Get existing IDC option to check if this is the same error. |
| 360 | $existing_idc = Jetpack_Options::get_option( 'sync_error_idc' ); |
| 361 | |
| 362 | // Get the new error data with fresh timing values. |
| 363 | $new_idc_data = self::get_sync_error_idc_option( $response ); |
| 364 | |
| 365 | // If an existing IDC exists and the wpcom URLs match, preserve the backoff delay. |
| 366 | if ( is_array( $existing_idc ) && self::has_same_wpcom_urls( $existing_idc, $new_idc_data ) ) { |
| 367 | // Same wpcom URLs - preserve the backoff delay. |
| 368 | // Note: last_checked is already set to time() by get_sync_error_idc_option(), |
| 369 | // which is correct - we want to record that we just saw this error again. |
| 370 | $preserved_delay = self::get_valid_delay_from_existing_idc( $existing_idc ); |
| 371 | if ( $preserved_delay !== null ) { |
| 372 | $new_idc_data['next_check_delay'] = $preserved_delay; |
| 373 | } |
| 374 | } |
| 375 | // else: Different wpcom URLs or first time - use fresh timing from get_sync_error_idc_option(). |
| 376 | |
| 377 | return $new_idc_data; |
| 378 | } |
| 379 | |
| 380 | /** |
| 381 | * Extracts and validates the next_check_delay from an existing IDC option. |
| 382 | * |
| 383 | * @param array $existing_idc The existing IDC option data. |
| 384 | * |
| 385 | * @return int|null The validated delay in seconds, or null if invalid. |
| 386 | */ |
| 387 | private static function get_valid_delay_from_existing_idc( $existing_idc ) { |
| 388 | if ( ! isset( $existing_idc['next_check_delay'] ) ) { |
| 389 | return null; |
| 390 | } |
| 391 | |
| 392 | $delay = $existing_idc['next_check_delay']; |
| 393 | |
| 394 | // Validate the delay is numeric and within acceptable bounds. |
| 395 | if ( |
| 396 | ! is_numeric( $delay ) || |
| 397 | $delay < self::IDC_VALIDATION_INITIAL_DELAY || |
| 398 | $delay > self::IDC_VALIDATION_MAX_DELAY |
| 399 | ) { |
| 400 | return null; |
| 401 | } |
| 402 | |
| 403 | return (int) $delay; |
| 404 | } |
| 405 | |
| 406 | /** |
| 407 | * Determines if two IDC error arrays have the same wpcom URLs. |
| 408 | * |
| 409 | * The wpcom URLs are stored in reversed form in the database, but the jetpack_options |
| 410 | * filter un-reverses them when retrieved. This method normalizes both sets of URLs |
| 411 | * to reversed form before comparing. |
| 412 | * |
| 413 | * @param array $idc1 First IDC error data (from get_option, may be un-reversed). |
| 414 | * @param array $idc2 Second IDC error data (from get_sync_error_idc_option, reversed). |
| 415 | * |
| 416 | * @return bool True if they have the same wpcom URLs. |
| 417 | */ |
| 418 | private static function has_same_wpcom_urls( $idc1, $idc2 ) { |
| 419 | // Both must have wpcom_home and wpcom_siteurl to be comparable. |
| 420 | if ( |
| 421 | ! isset( $idc1['wpcom_home'] ) || |
| 422 | ! isset( $idc1['wpcom_siteurl'] ) || |
| 423 | ! isset( $idc2['wpcom_home'] ) || |
| 424 | ! isset( $idc2['wpcom_siteurl'] ) || |
| 425 | ! isset( $idc1['reversed_url'] ) || |
| 426 | ! isset( $idc2['reversed_url'] ) |
| 427 | ) { |
| 428 | return false; |
| 429 | } |
| 430 | |
| 431 | // The existing IDC data has been un-reversed by the jetpack_options filter when |
| 432 | // retrieved via Jetpack_Options::get_option(), so the wpcom URLs are in normal format. |
| 433 | // The new data from get_sync_error_idc_option() has reversed URLs. |
| 434 | // Reverse the existing URLs to match the format of the new data for comparison. |
| 435 | $existing_wpcom_home = strrev( $idc1['wpcom_home'] ); |
| 436 | $existing_wpcom_siteurl = strrev( $idc1['wpcom_siteurl'] ); |
| 437 | |
| 438 | // Compare the reversed URLs. |
| 439 | return $existing_wpcom_home === $idc2['wpcom_home'] |
| 440 | && $existing_wpcom_siteurl === $idc2['wpcom_siteurl']; |
| 441 | } |
| 442 | |
| 443 | /** |
| 444 | * Clears all IDC specific options. This method is used on disconnect and reconnect. |
| 445 | * |
| 446 | * @return void |
| 447 | */ |
| 448 | public static function clear_all_idc_options() { |
| 449 | // If the site is currently in IDC, let's also clear the VaultPress connection options. |
| 450 | // We have to check if the site is in IDC, otherwise we'd be clearing the VaultPress |
| 451 | // connection any time the Jetpack connection is cycled. |
| 452 | if ( self::validate_sync_error_idc_option() ) { |
| 453 | delete_option( 'vaultpress' ); |
| 454 | delete_option( 'vaultpress_auto_register' ); |
| 455 | } |
| 456 | |
| 457 | Jetpack_Options::delete_option( |
| 458 | array( |
| 459 | 'sync_error_idc', |
| 460 | 'safe_mode_confirmed', |
| 461 | 'migrate_for_idc', |
| 462 | ) |
| 463 | ); |
| 464 | |
| 465 | delete_transient( 'jetpack_idc_possible_dynamic_site_url_detected' ); |
| 466 | } |
| 467 | |
| 468 | /** |
| 469 | * Checks whether the sync_error_idc option is valid or not, and if not, will do cleanup. |
| 470 | * |
| 471 | * @return bool |
| 472 | * @since-jetpack 5.4.0 Do not call get_sync_error_idc_option() unless site is in IDC |
| 473 | * |
| 474 | * @since 0.2.0 |
| 475 | * @since-jetpack 4.4.0 |
| 476 | */ |
| 477 | public static function validate_sync_error_idc_option() { |
| 478 | $is_valid = false; |
| 479 | |
| 480 | // Is the site opted in and does the stored sync_error_idc option match what we now generate? |
| 481 | $sync_error = Jetpack_Options::get_option( 'sync_error_idc' ); |
| 482 | if ( $sync_error && self::should_handle_idc() ) { |
| 483 | // Ensure backward compatibility: add validation timing fields if missing. |
| 484 | // Also ensure $sync_error is an array (could be a scalar from older code). |
| 485 | if ( ! is_array( $sync_error ) ) { |
| 486 | $sync_error = array(); |
| 487 | } |
| 488 | if ( ! isset( $sync_error['last_checked'] ) ) { |
| 489 | $sync_error['last_checked'] = 0; |
| 490 | } |
| 491 | if ( ! isset( $sync_error['next_check_delay'] ) ) { |
| 492 | $sync_error['next_check_delay'] = self::IDC_VALIDATION_INITIAL_DELAY; |
| 493 | } |
| 494 | |
| 495 | $local_options = self::get_sync_error_idc_option(); |
| 496 | |
| 497 | // Ensure all values are set. |
| 498 | if ( isset( $sync_error['home'] ) && isset( $local_options['home'] ) && isset( $sync_error['siteurl'] ) && isset( $local_options['siteurl'] ) ) { |
| 499 | // If the WP.com expected home and siteurl match local home and siteurl it is not valid IDC. |
| 500 | if ( |
| 501 | isset( $sync_error['wpcom_home'] ) && |
| 502 | isset( $sync_error['wpcom_siteurl'] ) && |
| 503 | $sync_error['wpcom_home'] === $local_options['home'] && |
| 504 | $sync_error['wpcom_siteurl'] === $local_options['siteurl'] |
| 505 | ) { |
| 506 | // Enable migrate_for_idc so that sync actions are accepted. |
| 507 | Jetpack_Options::update_option( 'migrate_for_idc', true ); |
| 508 | } elseif ( $sync_error['home'] === $local_options['home'] && $sync_error['siteurl'] === $local_options['siteurl'] ) { |
| 509 | $is_valid = true; |
| 510 | |
| 511 | // Check if it's time to validate the IDC with a remote call to WordPress.com. |
| 512 | if ( self::should_remote_validate_idc( $sync_error ) ) { |
| 513 | // Perform remote validation. |
| 514 | if ( self::remote_validate_idc( $sync_error ) ) { |
| 515 | // IDC was cleared remotely. The option is already deleted by |
| 516 | // remote_validate_idc(), so return false immediately to |
| 517 | // avoid double deletion and allow the filter to run. |
| 518 | return (bool) apply_filters( 'jetpack_sync_error_idc_validation', false ); |
| 519 | } |
| 520 | } |
| 521 | } |
| 522 | } |
| 523 | } |
| 524 | |
| 525 | /** |
| 526 | * Filters whether the sync_error_idc option is valid. |
| 527 | * |
| 528 | * @param bool $is_valid If the sync_error_idc is valid or not. |
| 529 | * |
| 530 | * @since 0.2.0 |
| 531 | * @since-jetpack 4.4.0 |
| 532 | */ |
| 533 | $is_valid = (bool) apply_filters( 'jetpack_sync_error_idc_validation', $is_valid ); |
| 534 | |
| 535 | if ( ! $is_valid && $sync_error ) { |
| 536 | // Since the option exists, and did not validate, delete it. |
| 537 | Jetpack_Options::delete_option( 'sync_error_idc' ); |
| 538 | } |
| 539 | |
| 540 | return $is_valid; |
| 541 | } |
| 542 | |
| 543 | /** |
| 544 | * Reverses WP.com URLs stored in sync_error_idc option. |
| 545 | * |
| 546 | * @param array $sync_error error option containing reversed URLs. |
| 547 | * @return array |
| 548 | */ |
| 549 | public static function reverse_wpcom_urls_for_idc( $sync_error ) { |
| 550 | if ( isset( $sync_error['reversed_url'] ) ) { |
| 551 | if ( array_key_exists( 'wpcom_siteurl', $sync_error ) ) { |
| 552 | $sync_error['wpcom_siteurl'] = strrev( $sync_error['wpcom_siteurl'] ); |
| 553 | } |
| 554 | if ( array_key_exists( 'wpcom_home', $sync_error ) ) { |
| 555 | $sync_error['wpcom_home'] = strrev( $sync_error['wpcom_home'] ); |
| 556 | } |
| 557 | } |
| 558 | return $sync_error; |
| 559 | } |
| 560 | |
| 561 | /** |
| 562 | * Checks if enough time has passed to validate the IDC with a remote call. |
| 563 | * |
| 564 | * Uses progressive delay: starts at 1 hour, doubles each time (1h, 2h, 4h, 8h, 16h...), |
| 565 | * and stops checking once the maximum delay of 30 days is reached. |
| 566 | * |
| 567 | * @param array $sync_error The stored sync_error_idc option. |
| 568 | * @return bool True if validation should be performed, false otherwise. |
| 569 | */ |
| 570 | public static function should_remote_validate_idc( $sync_error ) { |
| 571 | // Respect the user's decision to stay in safe mode. |
| 572 | // If safe mode is confirmed, don't attempt validation. |
| 573 | if ( self::safe_mode_is_confirmed() ) { |
| 574 | return false; |
| 575 | } |
| 576 | |
| 577 | // If a validation is already in progress or recently completed, don't trigger another. |
| 578 | if ( get_transient( 'jetpack_idc_validation_lock' ) ) { |
| 579 | return false; |
| 580 | } |
| 581 | |
| 582 | // If delay is not set or invalid, validate immediately to bring into new system. |
| 583 | if ( empty( $sync_error['next_check_delay'] ) ) { |
| 584 | return true; |
| 585 | } |
| 586 | |
| 587 | // If delay has reached or exceeded the maximum, stop validating. |
| 588 | if ( $sync_error['next_check_delay'] >= self::IDC_VALIDATION_MAX_DELAY ) { |
| 589 | return false; |
| 590 | } |
| 591 | |
| 592 | // Check if enough time has passed since the last check. |
| 593 | $time_since_last_check = time() - ( $sync_error['last_checked'] ?? 0 ); |
| 594 | return $time_since_last_check >= $sync_error['next_check_delay']; |
| 595 | } |
| 596 | |
| 597 | /** |
| 598 | * Validates the stored IDC by making a remote call to WordPress.com. |
| 599 | * |
| 600 | * Makes a lightweight API call to check if WordPress.com still detects an IDC. |
| 601 | * If no IDC is detected in the response, the local IDC option is cleared. |
| 602 | * If an IDC is still detected, the option is refreshed with the latest URL data from |
| 603 | * WordPress.com and the validation timestamps are updated with progressive backoff. |
| 604 | * If the request fails (network error, timeout, etc.), timing is updated to prevent |
| 605 | * immediate retries but the delay interval is not increased. |
| 606 | * |
| 607 | * @param array $sync_error The stored sync_error_idc option with timing fields. |
| 608 | * @return bool True if IDC was cleared, false otherwise. |
| 609 | */ |
| 610 | public static function remote_validate_idc( $sync_error ) { |
| 611 | // Prevent recursive calls that could cause infinite loops within the same request. |
| 612 | static $is_validating = false; |
| 613 | if ( $is_validating ) { |
| 614 | return false; |
| 615 | } |
| 616 | |
| 617 | $blog_id = Jetpack_Options::get_option( 'id' ); |
| 618 | if ( ! $blog_id ) { |
| 619 | // Site not registered - IDC state is invalid without a connection to WordPress.com. |
| 620 | // Clear the IDC since there's nothing to validate against, and the site can't |
| 621 | // restore the blog_id while in IDC anyway (connection flow is blocked). |
| 622 | Jetpack_Options::delete_option( 'sync_error_idc' ); |
| 623 | return true; // Return true to indicate IDC was cleared. |
| 624 | } |
| 625 | |
| 626 | // Use a transient lock to prevent concurrent validations across multiple requests. |
| 627 | // Lock for the full backoff duration to prevent retries during the delay window. |
| 628 | $lock_key = 'jetpack_idc_validation_lock'; |
| 629 | $lock_duration = $sync_error['next_check_delay'] ?? self::IDC_VALIDATION_INITIAL_DELAY; |
| 630 | |
| 631 | if ( get_transient( $lock_key ) ) { |
| 632 | return false; |
| 633 | } |
| 634 | |
| 635 | // Set the lock and verify it was set successfully. |
| 636 | // If the write fails, bail immediately to prevent request floods. |
| 637 | if ( ! set_transient( $lock_key, true, $lock_duration ) ) { |
| 638 | return false; // Bail - can't prevent concurrent requests. |
| 639 | } |
| 640 | |
| 641 | $is_validating = true; |
| 642 | |
| 643 | // Update last_checked before making the API call. |
| 644 | // This prevents retries even if the API call hangs, times out, or response handling fails. |
| 645 | $sync_error['last_checked'] = time(); |
| 646 | // Note: update_option may return false if value unchanged, which is OK. |
| 647 | // We only bail if we can't verify the option exists with correct timestamp. |
| 648 | Jetpack_Options::update_option( 'sync_error_idc', $sync_error ); |
| 649 | |
| 650 | // Verify the critical timing field was persisted. |
| 651 | // This protects against caching/DB issues that would cause request floods. |
| 652 | $verified_option = Jetpack_Options::get_option( 'sync_error_idc' ); |
| 653 | if ( |
| 654 | ! is_array( $verified_option ) || |
| 655 | empty( $verified_option['last_checked'] ) || |
| 656 | (int) $verified_option['last_checked'] !== (int) $sync_error['last_checked'] |
| 657 | ) { |
| 658 | // Option is missing, corrupted, or has incorrect timestamp - BAIL to prevent retries. |
| 659 | delete_transient( $lock_key ); |
| 660 | $is_validating = false; |
| 661 | return false; |
| 662 | } |
| 663 | |
| 664 | // Build API path with current URLs as query params. |
| 665 | // We must explicitly include URLs because add_idc_query_args_to_url() skips |
| 666 | // adding them when the site is in IDC (to prevent sync). For revalidation, |
| 667 | // we need WordPress.com to compare current URLs against what it has stored. |
| 668 | // We use the jetpack-token-health/blog endpoint which performs IDC detection |
| 669 | // and returns idc_detected in the response when URLs don't match. |
| 670 | $api_path = sprintf( |
| 671 | 'sites/%d/jetpack-token-health/blog?home=%s&siteurl=%s&idc=1&idc_validation=1', |
| 672 | $blog_id, |
| 673 | rawurlencode( Urls::home_url() ), |
| 674 | rawurlencode( Urls::site_url() ) |
| 675 | ); |
| 676 | |
| 677 | // Make an API call to WordPress.com to check token health and IDC status. |
| 678 | // The response will include 'idc_detected' if URLs still mismatch. |
| 679 | $response = Client::wpcom_json_api_request_as_blog( |
| 680 | $api_path, |
| 681 | '2', |
| 682 | array( 'method' => 'GET' ), |
| 683 | null, |
| 684 | 'wpcom' |
| 685 | ); |
| 686 | |
| 687 | // Parse response body - will be null/false if request failed or JSON is invalid. |
| 688 | $body = null; |
| 689 | if ( ! is_wp_error( $response ) && 200 === wp_remote_retrieve_response_code( $response ) ) { |
| 690 | $body = json_decode( wp_remote_retrieve_body( $response ), true ); |
| 691 | } |
| 692 | |
| 693 | // Check for success: valid response with no idc_detected means IDC is resolved. |
| 694 | if ( is_array( $body ) && empty( $body['idc_detected'] ) ) { |
| 695 | Jetpack_Options::delete_option( 'sync_error_idc' ); |
| 696 | delete_transient( $lock_key ); |
| 697 | $is_validating = false; |
| 698 | return true; |
| 699 | } |
| 700 | |
| 701 | // IDC still exists or request failed - update timing. |
| 702 | $idc_detected = is_array( $body ) && ! empty( $body['idc_detected'] ) && is_array( $body['idc_detected'] ); |
| 703 | |
| 704 | if ( $idc_detected ) { |
| 705 | // Valid idc_detected response - refresh data and apply exponential backoff. |
| 706 | // @phan-suppress-next-line PhanTypeArraySuspiciousNullable -- $body is verified as array in $idc_detected check |
| 707 | $fresh_idc_data = self::get_sync_error_idc_option( $body['idc_detected'] ); |
| 708 | $fresh_idc_data['last_checked'] = time(); |
| 709 | $fresh_idc_data['next_check_delay'] = min( |
| 710 | ( $sync_error['next_check_delay'] ?? self::IDC_VALIDATION_INITIAL_DELAY ) * 2, |
| 711 | self::IDC_VALIDATION_MAX_DELAY |
| 712 | ); |
| 713 | Jetpack_Options::update_option( 'sync_error_idc', $fresh_idc_data ); |
| 714 | self::invalidate_idc_option_cache(); |
| 715 | } else { |
| 716 | // Network error, invalid JSON, or non-200 - just update last_checked without backoff. |
| 717 | $sync_error['last_checked'] = time(); |
| 718 | Jetpack_Options::update_option( 'sync_error_idc', $sync_error ); |
| 719 | self::invalidate_idc_option_cache(); |
| 720 | } |
| 721 | |
| 722 | delete_transient( $lock_key ); |
| 723 | $is_validating = false; |
| 724 | return false; |
| 725 | } |
| 726 | |
| 727 | /** |
| 728 | * Invalidate the cache for the sync_error_idc option. |
| 729 | * |
| 730 | * This ensures that subsequent requests read fresh data from the database |
| 731 | * rather than stale cached values, which is critical for preventing request floods. |
| 732 | * |
| 733 | * Note: This directly calls wp_cache_delete with the 'jetpack_options' cache group, |
| 734 | * which couples this code to the internal caching implementation of Jetpack_Options. |
| 735 | * If Jetpack_Options changes its caching strategy, this method will need to be updated. |
| 736 | * |
| 737 | * @return void |
| 738 | */ |
| 739 | private static function invalidate_idc_option_cache() { |
| 740 | wp_cache_delete( 'sync_error_idc', 'jetpack_options' ); |
| 741 | } |
| 742 | |
| 743 | /** |
| 744 | * Normalizes a url by doing three things: |
| 745 | * - Strips protocol |
| 746 | * - Strips www |
| 747 | * - Adds a trailing slash |
| 748 | * |
| 749 | * @param string $url URL to parse. |
| 750 | * |
| 751 | * @return WP_Error|string |
| 752 | * @since 0.2.0 |
| 753 | * @since-jetpack 4.4.0 |
| 754 | */ |
| 755 | public static function normalize_url_protocol_agnostic( $url ) { |
| 756 | $parsed_url = wp_parse_url( trailingslashit( esc_url_raw( $url ) ) ); |
| 757 | if ( ! $parsed_url || empty( $parsed_url['host'] ) || empty( $parsed_url['path'] ) ) { |
| 758 | return new WP_Error( |
| 759 | 'cannot_parse_url', |
| 760 | sprintf( |
| 761 | /* translators: %s: URL to parse. */ |
| 762 | esc_html__( 'Cannot parse URL %s', 'jetpack-connection' ), |
| 763 | $url |
| 764 | ) |
| 765 | ); |
| 766 | } |
| 767 | |
| 768 | // Strip www and protocols. |
| 769 | $url = preg_replace( '/^www\./i', '', $parsed_url['host'] . $parsed_url['path'] ); |
| 770 | |
| 771 | return $url; |
| 772 | } |
| 773 | |
| 774 | /** |
| 775 | * Gets the value that is to be saved in the jetpack_sync_error_idc option. |
| 776 | * |
| 777 | * @param array $response HTTP response. |
| 778 | * |
| 779 | * @return array Array of the local urls, wpcom urls, and error code. |
| 780 | * @since 0.2.0 |
| 781 | * @since-jetpack 4.4.0 |
| 782 | * @since-jetpack 5.4.0 Add transient since home/siteurl retrieved directly from DB. |
| 783 | */ |
| 784 | public static function get_sync_error_idc_option( $response = array() ) { |
| 785 | // Since the local options will hit the database directly, store the values |
| 786 | // in a transient to allow for autoloading and caching on subsequent views. |
| 787 | $local_options = get_transient( 'jetpack_idc_local' ); |
| 788 | if ( false === $local_options ) { |
| 789 | $local_options = array( |
| 790 | 'home' => Urls::home_url(), |
| 791 | 'siteurl' => Urls::site_url(), |
| 792 | ); |
| 793 | set_transient( 'jetpack_idc_local', $local_options, MINUTE_IN_SECONDS ); |
| 794 | } |
| 795 | |
| 796 | $options = array_merge( $local_options, $response ); |
| 797 | |
| 798 | $returned_values = array(); |
| 799 | foreach ( $options as $key => $option ) { |
| 800 | if ( 'error_code' === $key ) { |
| 801 | $returned_values[ $key ] = $option; |
| 802 | continue; |
| 803 | } |
| 804 | |
| 805 | $normalized_url = self::normalize_url_protocol_agnostic( $option ); |
| 806 | if ( is_wp_error( $normalized_url ) ) { |
| 807 | continue; |
| 808 | } |
| 809 | |
| 810 | $returned_values[ $key ] = $normalized_url; |
| 811 | } |
| 812 | // We need to protect WPCOM URLs from search & replace by reversing them. See https://wp.me/pf5801-3R |
| 813 | // Add 'reversed_url' key for backward compatibility |
| 814 | if ( array_key_exists( 'wpcom_home', $returned_values ) && array_key_exists( 'wpcom_siteurl', $returned_values ) ) { |
| 815 | $returned_values['reversed_url'] = true; |
| 816 | $returned_values = self::reverse_wpcom_urls_for_idc( $returned_values ); |
| 817 | } |
| 818 | |
| 819 | // Add validation timing fields. |
| 820 | // Set last_checked to current time so remote validation doesn't trigger immediately. |
| 821 | // This ensures the first validation happens after the initial delay period. |
| 822 | $returned_values['last_checked'] = time(); |
| 823 | $returned_values['next_check_delay'] = self::IDC_VALIDATION_INITIAL_DELAY; |
| 824 | |
| 825 | return $returned_values; |
| 826 | } |
| 827 | |
| 828 | /** |
| 829 | * Returns the value of the jetpack_should_handle_idc filter or constant. |
| 830 | * If set to true, the site will be put into staging mode. |
| 831 | * |
| 832 | * This method uses both the current jetpack_should_handle_idc filter |
| 833 | * and constant to determine whether an IDC should be handled. |
| 834 | * |
| 835 | * @return bool |
| 836 | * @since 0.2.6 |
| 837 | */ |
| 838 | public static function should_handle_idc() { |
| 839 | if ( Constants::is_defined( 'JETPACK_SHOULD_HANDLE_IDC' ) ) { |
| 840 | $default = Constants::get_constant( 'JETPACK_SHOULD_HANDLE_IDC' ); |
| 841 | } else { |
| 842 | $default = ! Constants::is_defined( 'SUNRISE' ) && ! is_multisite(); |
| 843 | } |
| 844 | |
| 845 | /** |
| 846 | * Allows sites to opt in for IDC mitigation which blocks the site from syncing to WordPress.com when the home |
| 847 | * URL or site URL do not match what WordPress.com expects. The default value is either true, or the value of |
| 848 | * JETPACK_SHOULD_HANDLE_IDC constant if set. |
| 849 | * |
| 850 | * @param bool $default Whether the site is opted in to IDC mitigation. |
| 851 | * |
| 852 | * @since 0.2.6 |
| 853 | */ |
| 854 | return (bool) apply_filters( 'jetpack_should_handle_idc', $default ); |
| 855 | } |
| 856 | |
| 857 | /** |
| 858 | * Whether the site is undergoing identity crisis. |
| 859 | * |
| 860 | * @return bool |
| 861 | */ |
| 862 | public static function has_identity_crisis() { |
| 863 | return false !== static::check_identity_crisis() && ! static::$is_safe_mode_confirmed; |
| 864 | } |
| 865 | |
| 866 | /** |
| 867 | * Whether an admin has confirmed safe mode. |
| 868 | * Unlike `static::$is_safe_mode_confirmed` this function always returns the actual flag value. |
| 869 | * |
| 870 | * @return bool |
| 871 | */ |
| 872 | public static function safe_mode_is_confirmed() { |
| 873 | return Jetpack_Options::get_option( 'safe_mode_confirmed' ); |
| 874 | } |
| 875 | |
| 876 | /** |
| 877 | * Returns the mismatched URLs. |
| 878 | * |
| 879 | * @return array|bool The mismatched urls, or false if the site is not connected, offline, in safe mode, or the IDC error is not valid. |
| 880 | */ |
| 881 | public static function get_mismatched_urls() { |
| 882 | if ( ! static::has_identity_crisis() ) { |
| 883 | return false; |
| 884 | } |
| 885 | |
| 886 | $data = static::check_identity_crisis(); |
| 887 | |
| 888 | if ( ! $data || |
| 889 | ! isset( $data['error_code'] ) || |
| 890 | ! isset( $data['wpcom_home'] ) || |
| 891 | ! isset( $data['home'] ) || |
| 892 | ! isset( $data['wpcom_siteurl'] ) || |
| 893 | ! isset( $data['siteurl'] ) |
| 894 | ) { |
| 895 | // The jetpack_sync_error_idc option is missing a key. |
| 896 | return false; |
| 897 | } |
| 898 | |
| 899 | if ( 'jetpack_site_url_mismatch' === $data['error_code'] ) { |
| 900 | return array( |
| 901 | 'wpcom_url' => $data['wpcom_siteurl'], |
| 902 | 'current_url' => $data['siteurl'], |
| 903 | ); |
| 904 | } |
| 905 | |
| 906 | return array( |
| 907 | 'wpcom_url' => $data['wpcom_home'], |
| 908 | 'current_url' => $data['home'], |
| 909 | ); |
| 910 | } |
| 911 | |
| 912 | /** |
| 913 | * Try to detect $_SERVER['HTTP_HOST'] being used within WP_SITEURL or WP_HOME definitions inside of wp-config. |
| 914 | * |
| 915 | * If `HTTP_HOST` usage is found, it's possbile (though not certain) that site URLs are dynamic. |
| 916 | * |
| 917 | * When a site URL is dynamic, it can lead to a Jetpack IDC. If potentially dynamic usage is detected, |
| 918 | * helpful support info will be shown on the IDC UI about setting a static site/home URL. |
| 919 | * |
| 920 | * @return bool True if potentially dynamic site urls were detected in wp-config, false otherwise. |
| 921 | */ |
| 922 | public static function detect_possible_dynamic_site_url() { |
| 923 | $transient_key = 'jetpack_idc_possible_dynamic_site_url_detected'; |
| 924 | $transient_val = get_transient( $transient_key ); |
| 925 | |
| 926 | if ( false !== $transient_val ) { |
| 927 | return (bool) $transient_val; |
| 928 | } |
| 929 | |
| 930 | $path = self::locate_wp_config(); |
| 931 | $wp_config = $path ? file_get_contents( $path ) : false; // phpcs:ignore WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents |
| 932 | if ( $wp_config ) { |
| 933 | $matched = preg_match( |
| 934 | '/define ?\( ?[\'"](?:WP_SITEURL|WP_HOME).+(?:HTTP_HOST).+\);/', |
| 935 | $wp_config |
| 936 | ); |
| 937 | |
| 938 | if ( $matched ) { |
| 939 | set_transient( $transient_key, 1, HOUR_IN_SECONDS ); |
| 940 | return true; |
| 941 | } |
| 942 | } |
| 943 | |
| 944 | set_transient( $transient_key, 0, HOUR_IN_SECONDS ); |
| 945 | return false; |
| 946 | } |
| 947 | |
| 948 | /** |
| 949 | * Gets path to WordPress configuration. |
| 950 | * Source: https://github.com/wp-cli/wp-cli/blob/master/php/utils.php |
| 951 | * |
| 952 | * @return string |
| 953 | */ |
| 954 | public static function locate_wp_config() { |
| 955 | static $path; |
| 956 | |
| 957 | if ( null === $path ) { |
| 958 | $path = false; |
| 959 | |
| 960 | if ( getenv( 'WP_CONFIG_PATH' ) && file_exists( getenv( 'WP_CONFIG_PATH' ) ) ) { |
| 961 | $path = getenv( 'WP_CONFIG_PATH' ); |
| 962 | } elseif ( file_exists( ABSPATH . 'wp-config.php' ) ) { |
| 963 | $path = ABSPATH . 'wp-config.php'; |
| 964 | } elseif ( file_exists( dirname( ABSPATH ) . '/wp-config.php' ) && ! file_exists( dirname( ABSPATH ) . '/wp-settings.php' ) ) { |
| 965 | $path = dirname( ABSPATH ) . '/wp-config.php'; |
| 966 | } |
| 967 | |
| 968 | if ( $path ) { |
| 969 | $path = realpath( $path ); |
| 970 | } |
| 971 | } |
| 972 | |
| 973 | return $path; |
| 974 | } |
| 975 | |
| 976 | /** |
| 977 | * Adds `url_secret` to the `jetpack.idcUrlValidation` URL validation endpoint. |
| 978 | * Adds `url_secret_error` in case of an error. |
| 979 | * |
| 980 | * @param array $response The endpoint response that we're modifying. |
| 981 | * |
| 982 | * @return array |
| 983 | * |
| 984 | * phpcs:ignore Squiz.Commenting.FunctionCommentThrowTag -- The exception is being caught, false positive. |
| 985 | */ |
| 986 | public static function add_secret_to_url_validation_response( array $response ) { |
| 987 | // Only checking the database option to limit the effect. |
| 988 | if ( get_option( 'jetpack_offline_mode' ) ) { |
| 989 | $response['offline_mode'] = '1'; |
| 990 | return $response; |
| 991 | } |
| 992 | |
| 993 | try { |
| 994 | $secret = new URL_Secret(); |
| 995 | |
| 996 | $secret->create(); |
| 997 | |
| 998 | if ( $secret->exists() ) { |
| 999 | $response['url_secret'] = $secret->get_secret(); |
| 1000 | } |
| 1001 | } catch ( Exception $e ) { |
| 1002 | $response['url_secret_error'] = new WP_Error( 'unable_to_create_url_secret', $e->getMessage() ); |
| 1003 | } |
| 1004 | |
| 1005 | return $response; |
| 1006 | } |
| 1007 | |
| 1008 | /** |
| 1009 | * Check if URL is an IP. |
| 1010 | * |
| 1011 | * @param string $hostname The hostname to check. |
| 1012 | * @return bool |
| 1013 | */ |
| 1014 | public static function url_is_ip( $hostname = null ) { |
| 1015 | |
| 1016 | if ( ! $hostname ) { |
| 1017 | $hostname = wp_parse_url( Urls::site_url(), PHP_URL_HOST ); |
| 1018 | } |
| 1019 | |
| 1020 | $is_ip = filter_var( $hostname, FILTER_VALIDATE_IP ) !== false ? $hostname : false; |
| 1021 | return $is_ip; |
| 1022 | } |
| 1023 | |
| 1024 | /** |
| 1025 | * Add IDC-related data to the registration query. |
| 1026 | * |
| 1027 | * @param array $params The existing query params. |
| 1028 | * |
| 1029 | * @return array |
| 1030 | */ |
| 1031 | public static function register_request_body( array $params ) { |
| 1032 | $persistent_blog_id = get_option( static::PERSISTENT_BLOG_ID_OPTION_NAME ); |
| 1033 | if ( $persistent_blog_id ) { |
| 1034 | $params['persistent_blog_id'] = $persistent_blog_id; |
| 1035 | $params['url_secret'] = URL_Secret::create_secret( 'registration_request_url_secret_failed' ); |
| 1036 | } |
| 1037 | |
| 1038 | return $params; |
| 1039 | } |
| 1040 | |
| 1041 | /** |
| 1042 | * Set the necessary options when site gets registered. |
| 1043 | * |
| 1044 | * @param int $blog_id The blog ID. |
| 1045 | * |
| 1046 | * @return void |
| 1047 | */ |
| 1048 | public static function site_registered( $blog_id ) { |
| 1049 | update_option( static::PERSISTENT_BLOG_ID_OPTION_NAME, (int) $blog_id, false ); |
| 1050 | } |
| 1051 | |
| 1052 | /** |
| 1053 | * Check if we need to update the ip_requester option. |
| 1054 | * |
| 1055 | * @param string $hostname The hostname to check. |
| 1056 | * |
| 1057 | * @return void |
| 1058 | */ |
| 1059 | public static function maybe_update_ip_requester( $hostname ) { |
| 1060 | // Check if transient exists |
| 1061 | $transient_key = ip2long( $hostname ); |
| 1062 | if ( $transient_key && ! get_transient( 'jetpack_idc_ip_requester_' . $transient_key ) ) { |
| 1063 | self::set_ip_requester_for_idc( $hostname, $transient_key ); |
| 1064 | } |
| 1065 | } |
| 1066 | |
| 1067 | /** |
| 1068 | * If URL is an IP, add the IP value to the ip_requester option with its expiry value. |
| 1069 | * |
| 1070 | * @param string $hostname The hostname to check. |
| 1071 | * @param int $transient_key The transient key. |
| 1072 | */ |
| 1073 | public static function set_ip_requester_for_idc( $hostname, $transient_key ) { |
| 1074 | // Check if option exists |
| 1075 | $data = Jetpack_Options::get_option( 'identity_crisis_ip_requester' ); |
| 1076 | |
| 1077 | $ip_requester = array( |
| 1078 | 'ip' => $hostname, |
| 1079 | 'expires_at' => time() + 360, |
| 1080 | ); |
| 1081 | |
| 1082 | // If not set, initialize it |
| 1083 | if ( empty( $data ) ) { |
| 1084 | $data = array( $ip_requester ); |
| 1085 | } else { |
| 1086 | $updated_data = array(); |
| 1087 | $updated_value = false; |
| 1088 | |
| 1089 | // Remove expired values and update existing IP |
| 1090 | foreach ( $data as $item ) { |
| 1091 | if ( time() > $item['expires_at'] ) { |
| 1092 | continue; // Skip expired IP |
| 1093 | } |
| 1094 | |
| 1095 | if ( $item['ip'] === $hostname ) { |
| 1096 | $item['expires_at'] = time() + 360; |
| 1097 | $updated_value = true; |
| 1098 | } |
| 1099 | |
| 1100 | $updated_data[] = $item; |
| 1101 | } |
| 1102 | |
| 1103 | if ( ! $updated_value || empty( $updated_data ) ) { |
| 1104 | $updated_data[] = $ip_requester; |
| 1105 | } |
| 1106 | |
| 1107 | $data = $updated_data; |
| 1108 | } |
| 1109 | |
| 1110 | self::update_ip_requester( $data, $transient_key ); |
| 1111 | } |
| 1112 | |
| 1113 | /** |
| 1114 | * Update the ip_requester option and set a transient to expire in 5 minutes. |
| 1115 | * |
| 1116 | * @param array $data The data to be updated. |
| 1117 | * @param int $transient_key The transient key. |
| 1118 | * |
| 1119 | * @return void |
| 1120 | */ |
| 1121 | public static function update_ip_requester( $data, $transient_key ) { |
| 1122 | // Update the option |
| 1123 | $updated = Jetpack_Options::update_option( 'identity_crisis_ip_requester', $data ); |
| 1124 | // Set a transient to expire in 5 minutes |
| 1125 | if ( $updated ) { |
| 1126 | $transient_name = 'jetpack_idc_ip_requester_' . $transient_key; |
| 1127 | set_transient( $transient_name, $data, 300 ); |
| 1128 | } |
| 1129 | } |
| 1130 | |
| 1131 | /** |
| 1132 | * Adds `ip_requester` to the `jetpack.idcUrlValidation` URL validation endpoint. |
| 1133 | * |
| 1134 | * @param array $response The enpoint response that we're modifying. |
| 1135 | * |
| 1136 | * @return array |
| 1137 | */ |
| 1138 | public static function add_ip_requester_to_url_validation_response( array $response ) { |
| 1139 | $requesters = Jetpack_Options::get_option( 'identity_crisis_ip_requester' ); |
| 1140 | if ( $requesters ) { |
| 1141 | // Loop through the requesters and add the IP to the response if it's not expired |
| 1142 | $i = 0; |
| 1143 | foreach ( $requesters as $ip ) { |
| 1144 | if ( $ip['expires_at'] > time() ) { |
| 1145 | $response['ip_requester'][] = $ip['ip']; |
| 1146 | } |
| 1147 | // Limit the response to five IPs |
| 1148 | $i = ++$i; |
| 1149 | if ( $i === 5 ) { |
| 1150 | break; |
| 1151 | } |
| 1152 | } |
| 1153 | } |
| 1154 | return $response; |
| 1155 | } |
| 1156 | } |