<?php
/*
* This file is part of the ManageWP Worker plugin.
*
* (c) ManageWP LLC <contact@managewp.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
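class MWP_Security_NonceManager
{
    /** @var MWP_WordPress_Context Backing store (transients) used to record consumed nonces. */
    private $context;

    /** @var int Seconds after its issue timestamp during which a nonce is still accepted. */
    private $nonceValidFor;

    /** @var int Seconds a consumed nonce stays recorded so it cannot be presented again. */
    private $nonceBlacklistedFor;

    /**
     * @param MWP_WordPress_Context $context
     * @param int $nonceValidFor How long (in seconds) is the nonce valid since its issue time.
     * @param int $nonceBlacklistedFor How long (in seconds) to keep used nonce in storage.
     *
     * @throws LogicException If the blacklist time is shorter than the nonce lifetime. A used
     *                        nonce has to stay recorded for at least as long as it would
     *                        otherwise remain acceptable, or it could be replayed once the
     *                        record expires.
     */
    public function __construct(MWP_WordPress_Context $context, $nonceValidFor = 43200, $nonceBlacklistedFor = 86400)
    {
        // Equal values are allowed; only a strictly shorter blacklist breaks the invariant.
        if ($nonceBlacklistedFor < $nonceValidFor) {
            throw new LogicException('Nonce blacklist time must not be lower than nonce lifetime.');
        }

        $this->context             = $context;
        $this->nonceValidFor       = $nonceValidFor;
        $this->nonceBlacklistedFor = $nonceBlacklistedFor;
    }

    /**
     * Validates a nonce of the form "<value>_<issuedAt>" and records it as consumed.
     *
     * The nonce is rejected when it is malformed, when more than $nonceValidFor seconds
     * have passed since its issue timestamp, or when it has already been recorded. On
     * success it is stored under a transient key so a later presentation of the same
     * nonce fails with MWP_Security_Exception_NonceAlreadyUsed.
     *
     * @param string $nonce
     *
     * @throws MWP_Security_Exception_NonceFormatInvalid
     * @throws MWP_Security_Exception_NonceExpired
     * @throws MWP_Security_Exception_NonceAlreadyUsed
     */
    public function useNonce($nonce)
    {
        $parts = explode('_', $nonce);

        if (count($parts) !== 2) {
            throw new MWP_Security_Exception_NonceFormatInvalid();
        }

        list($nonceValue, $issuedAt) = $parts;
        $issuedAt = (int) $issuedAt;

        // An empty value or a non-numeric/zero timestamp is not a nonce this plugin issued.
        if (!$nonceValue || !$issuedAt) {
            throw new MWP_Security_Exception_NonceFormatInvalid();
        }

        // Read the clock once so the expiry check and the storage TTL below agree.
        $now       = time();
        $expiresAt = $issuedAt + $this->nonceValidFor;

        if ($expiresAt < $now) {
            throw new MWP_Security_Exception_NonceExpired();
        }

        // There was a bug where the generated nonce was 42 characters long.
        $transientKey = substr('n_'.$nonceValue, 0, 40);
        $nonceUsed    = $this->context->transientGet($transientKey);

        // NOTE(review): get-then-set is not atomic here; whether two concurrent requests
        // presenting the same nonce can both pass depends on the backing store — confirm.
        if ($nonceUsed !== false) {
            throw new MWP_Security_Exception_NonceAlreadyUsed();
        }

        // The used-nonce record must outlive the nonce's validity window. For a nonce whose
        // issue timestamp lies ahead of this host's clock, $expiresAt - $now can exceed
        // $nonceBlacklistedFor; keeping the record only for the blacklist time would let
        // that nonce be presented again after the record expires while still passing the
        // expiry check above. For nonces issued in the past this equals $nonceBlacklistedFor.
        $keepFor = max($this->nonceBlacklistedFor, $expiresAt - $now);

        $this->context->transientSet($transientKey, $issuedAt, $keepFor);
    }
}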