class-wp-recovery-mode-cookie-service.php (6459B)
1 <?php 2 /** 3 * Error Protection API: WP_Recovery_Mode_Cookie_Service class 4 * 5 * @package WordPress 6 * @since 5.2.0 7 */ 8 9 /** 10 * Core class used to set, validate, and clear cookies that identify a Recovery Mode session. 11 * 12 * @since 5.2.0 13 */ 14 final class WP_Recovery_Mode_Cookie_Service { 15 16 /** 17 * Checks whether the recovery mode cookie is set. 18 * 19 * @since 5.2.0 20 * 21 * @return bool True if the cookie is set, false otherwise. 22 */ 23 public function is_cookie_set() { 24 return ! empty( $_COOKIE[ RECOVERY_MODE_COOKIE ] ); 25 } 26 27 /** 28 * Sets the recovery mode cookie. 29 * 30 * This must be immediately followed by exiting the request. 31 * 32 * @since 5.2.0 33 */ 34 public function set_cookie() { 35 36 $value = $this->generate_cookie(); 37 38 /** 39 * Filters the length of time a Recovery Mode cookie is valid for. 40 * 41 * @since 5.2.0 42 * 43 * @param int $length Length in seconds. 44 */ 45 $length = apply_filters( 'recovery_mode_cookie_length', WEEK_IN_SECONDS ); 46 47 $expire = time() + $length; 48 49 setcookie( RECOVERY_MODE_COOKIE, $value, $expire, COOKIEPATH, COOKIE_DOMAIN, is_ssl(), true ); 50 51 if ( COOKIEPATH !== SITECOOKIEPATH ) { 52 setcookie( RECOVERY_MODE_COOKIE, $value, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, is_ssl(), true ); 53 } 54 } 55 56 /** 57 * Clears the recovery mode cookie. 58 * 59 * @since 5.2.0 60 */ 61 public function clear_cookie() { 62 setcookie( RECOVERY_MODE_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN ); 63 setcookie( RECOVERY_MODE_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN ); 64 } 65 66 /** 67 * Validates the recovery mode cookie. 68 * 69 * @since 5.2.0 70 * 71 * @param string $cookie Optionally specify the cookie string. 72 * If omitted, it will be retrieved from the super global. 73 * @return true|WP_Error True on success, error object on failure. 74 */ 75 public function validate_cookie( $cookie = '' ) { 76 77 if ( ! $cookie ) { 78 if ( empty( $_COOKIE[ RECOVERY_MODE_COOKIE ] ) ) { 79 return new WP_Error( 'no_cookie', __( 'No cookie present.' ) ); 80 } 81 82 $cookie = $_COOKIE[ RECOVERY_MODE_COOKIE ]; 83 } 84 85 $parts = $this->parse_cookie( $cookie ); 86 87 if ( is_wp_error( $parts ) ) { 88 return $parts; 89 } 90 91 list( , $created_at, $random, $signature ) = $parts; 92 93 if ( ! ctype_digit( $created_at ) ) { 94 return new WP_Error( 'invalid_created_at', __( 'Invalid cookie format.' ) ); 95 } 96 97 /** This filter is documented in wp-includes/class-wp-recovery-mode-cookie-service.php */ 98 $length = apply_filters( 'recovery_mode_cookie_length', WEEK_IN_SECONDS ); 99 100 if ( time() > $created_at + $length ) { 101 return new WP_Error( 'expired', __( 'Cookie expired.' ) ); 102 } 103 104 $to_sign = sprintf( 'recovery_mode|%s|%s', $created_at, $random ); 105 $hashed = $this->recovery_mode_hash( $to_sign ); 106 107 if ( ! hash_equals( $signature, $hashed ) ) { 108 return new WP_Error( 'signature_mismatch', __( 'Invalid cookie.' ) ); 109 } 110 111 return true; 112 } 113 114 /** 115 * Gets the session identifier from the cookie. 116 * 117 * The cookie should be validated before calling this API. 118 * 119 * @since 5.2.0 120 * 121 * @param string $cookie Optionally specify the cookie string. 122 * If omitted, it will be retrieved from the super global. 123 * @return string|WP_Error Session ID on success, or error object on failure. 124 */ 125 public function get_session_id_from_cookie( $cookie = '' ) { 126 if ( ! $cookie ) { 127 if ( empty( $_COOKIE[ RECOVERY_MODE_COOKIE ] ) ) { 128 return new WP_Error( 'no_cookie', __( 'No cookie present.' ) ); 129 } 130 131 $cookie = $_COOKIE[ RECOVERY_MODE_COOKIE ]; 132 } 133 134 $parts = $this->parse_cookie( $cookie ); 135 if ( is_wp_error( $parts ) ) { 136 return $parts; 137 } 138 139 list( , , $random ) = $parts; 140 141 return sha1( $random ); 142 } 143 144 /** 145 * Parses the cookie into its four parts. 146 * 147 * @since 5.2.0 148 * 149 * @param string $cookie Cookie content. 150 * @return array|WP_Error Cookie parts array, or error object on failure. 151 */ 152 private function parse_cookie( $cookie ) { 153 $cookie = base64_decode( $cookie ); 154 $parts = explode( '|', $cookie ); 155 156 if ( 4 !== count( $parts ) ) { 157 return new WP_Error( 'invalid_format', __( 'Invalid cookie format.' ) ); 158 } 159 160 return $parts; 161 } 162 163 /** 164 * Generates the recovery mode cookie value. 165 * 166 * The cookie is a base64 encoded string with the following format: 167 * 168 * recovery_mode|iat|rand|signature 169 * 170 * Where "recovery_mode" is a constant string, 171 * iat is the time the cookie was generated at, 172 * rand is a randomly generated password that is also used as a session identifier 173 * and signature is an hmac of the preceding 3 parts. 174 * 175 * @since 5.2.0 176 * 177 * @return string Generated cookie content. 178 */ 179 private function generate_cookie() { 180 $to_sign = sprintf( 'recovery_mode|%s|%s', time(), wp_generate_password( 20, false ) ); 181 $signed = $this->recovery_mode_hash( $to_sign ); 182 183 return base64_encode( sprintf( '%s|%s', $to_sign, $signed ) ); 184 } 185 186 /** 187 * Gets a form of `wp_hash()` specific to Recovery Mode. 188 * 189 * We cannot use `wp_hash()` because it is defined in `pluggable.php` which is not loaded until after plugins are loaded, 190 * which is too late to verify the recovery mode cookie. 191 * 192 * This tries to use the `AUTH` salts first, but if they aren't valid specific salts will be generated and stored. 193 * 194 * @since 5.2.0 195 * 196 * @param string $data Data to hash. 197 * @return string|false The hashed $data, or false on failure. 198 */ 199 private function recovery_mode_hash( $data ) { 200 if ( ! defined( 'AUTH_KEY' ) || AUTH_KEY === 'put your unique phrase here' ) { 201 $auth_key = get_site_option( 'recovery_mode_auth_key' ); 202 203 if ( ! $auth_key ) { 204 if ( ! function_exists( 'wp_generate_password' ) ) { 205 require_once ABSPATH . WPINC . '/pluggable.php'; 206 } 207 208 $auth_key = wp_generate_password( 64, true, true ); 209 update_site_option( 'recovery_mode_auth_key', $auth_key ); 210 } 211 } else { 212 $auth_key = AUTH_KEY; 213 } 214 215 if ( ! defined( 'AUTH_SALT' ) || AUTH_SALT === 'put your unique phrase here' || AUTH_SALT === $auth_key ) { 216 $auth_salt = get_site_option( 'recovery_mode_auth_salt' ); 217 218 if ( ! $auth_salt ) { 219 if ( ! function_exists( 'wp_generate_password' ) ) { 220 require_once ABSPATH . WPINC . '/pluggable.php'; 221 } 222 223 $auth_salt = wp_generate_password( 64, true, true ); 224 update_site_option( 'recovery_mode_auth_salt', $auth_salt ); 225 } 226 } else { 227 $auth_salt = AUTH_SALT; 228 } 229 230 $secret = $auth_key . $auth_salt; 231 232 return hash_hmac( 'sha1', $data, $secret ); 233 } 234 }