link_service = $link_service; } /** * Sends the recovery mode email if the rate limit has not been sent. * * @since 5.2.0 * * @param int $rate_limit Number of seconds before another email can be sent. * @param array $error Error details from `error_get_last()`. * @param array $extension { * The extension that caused the error. * * @type string $slug The extension slug. The plugin or theme's directory. * @type string $type The extension type. Either 'plugin' or 'theme'. * } * @return true|WP_Error True if email sent, WP_Error otherwise. */ public function maybe_send_recovery_mode_email( $rate_limit, $error, $extension ) { $last_sent = get_option( self::RATE_LIMIT_OPTION ); if ( ! $last_sent || time() > $last_sent + $rate_limit ) { if ( ! update_option( self::RATE_LIMIT_OPTION, time() ) ) { return new WP_Error( 'storage_error', __( 'Could not update the email last sent time.' ) ); } $sent = $this->send_recovery_mode_email( $rate_limit, $error, $extension ); if ( $sent ) { return true; } return new WP_Error( 'email_failed', sprintf( /* translators: %s: mail() */ __( 'The email could not be sent. Possible reason: your host may have disabled the %s function.' ), 'mail()' ) ); } $err_message = sprintf( /* translators: 1: Last sent as a human time diff, 2: Wait time as a human time diff. */ __( 'A recovery link was already sent %1$s ago. Please wait another %2$s before requesting a new email.' ), human_time_diff( $last_sent ), human_time_diff( $last_sent + $rate_limit ) ); return new WP_Error( 'email_sent_already', $err_message ); } /** * Clears the rate limit, allowing a new recovery mode email to be sent immediately. * * @since 5.2.0 * * @return bool True on success, false on failure. */ public function clear_rate_limit() { return delete_option( self::RATE_LIMIT_OPTION ); } /** * Sends the Recovery Mode email to the site admin email address. * * @since 5.2.0 * * @param int $rate_limit Number of seconds before another email can be sent. * @param array $error Error details from `error_get_last()`. * @param array $extension { * The extension that caused the error. * * @type string $slug The extension slug. The directory of the plugin or theme. * @type string $type The extension type. Either 'plugin' or 'theme'. * } * @return bool Whether the email was sent successfully. */ private function send_recovery_mode_email( $rate_limit, $error, $extension ) { $url = $this->link_service->generate_url(); $blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); $switched_locale = switch_to_locale( get_locale() ); if ( $extension ) { $cause = $this->get_cause( $extension ); $details = wp_strip_all_tags( wp_get_extension_error_description( $error ) ); if ( $details ) { $header = __( 'Error Details' ); $details = "\n\n" . $header . "\n" . str_pad( '', strlen( $header ), '=' ) . "\n" . $details; } } else { $cause = ''; $details = ''; } /** * Filters the support message sent with the the fatal error protection email. * * @since 5.2.0 * * @param string $message The Message to include in the email. */ $support = apply_filters( 'recovery_email_support_info', __( 'Please contact your host for assistance with investigating this issue further.' ) ); /** * Filters the debug information included in the fatal error protection email. * * @since 5.3.0 * * @param array $message An associative array of debug information. */ $debug = apply_filters( 'recovery_email_debug_info', $this->get_debug( $extension ) ); /* translators: Do not translate LINK, EXPIRES, CAUSE, DETAILS, SITEURL, PAGEURL, SUPPORT. DEBUG: those are placeholders. */ $message = __( 'Howdy! WordPress has a built-in feature that detects when a plugin or theme causes a fatal error on your site, and notifies you with this automated email. ###CAUSE### First, visit your website (###SITEURL###) and check for any visible issues. Next, visit the page where the error was caught (###PAGEURL###) and check for any visible issues. ###SUPPORT### If your site appears broken and you can\'t access your dashboard normally, WordPress now has a special "recovery mode". This lets you safely login to your dashboard and investigate further. ###LINK### To keep your site safe, this link will expire in ###EXPIRES###. Don\'t worry about that, though: a new link will be emailed to you if the error occurs again after it expires. When seeking help with this issue, you may be asked for some of the following information: ###DEBUG### ###DETAILS###' ); $message = str_replace( array( '###LINK###', '###EXPIRES###', '###CAUSE###', '###DETAILS###', '###SITEURL###', '###PAGEURL###', '###SUPPORT###', '###DEBUG###', ), array( $url, human_time_diff( time() + $rate_limit ), $cause ? "\n{$cause}\n" : "\n", $details, home_url( '/' ), home_url( $_SERVER['REQUEST_URI'] ), $support, implode( "\r\n", $debug ), ), $message ); $email = array( 'to' => $this->get_recovery_mode_email_address(), /* translators: %s: Site title. */ 'subject' => __( '[%s] Your Site is Experiencing a Technical Issue' ), 'message' => $message, 'headers' => '', 'attachments' => '', ); /** * Filters the contents of the Recovery Mode email. * * @since 5.2.0 * @since 5.6.0 The `$email` argument includes the `attachments` key. * * @param array $email { * Used to build a call to wp_mail(). * * @type string|array $to Array or comma-separated list of email addresses to send message. * @type string $subject Email subject * @type string $message Message contents * @type string|array $headers Optional. Additional headers. * @type string|array $attachments Optional. Files to attach. * } * @param string $url URL to enter recovery mode. */ $email = apply_filters( 'recovery_mode_email', $email, $url ); $sent = wp_mail( $email['to'], wp_specialchars_decode( sprintf( $email['subject'], $blogname ) ), $email['message'], $email['headers'], $email['attachments'] ); if ( $switched_locale ) { restore_previous_locale(); } return $sent; } /** * Gets the email address to send the recovery mode link to. * * @since 5.2.0 * * @return string Email address to send recovery mode link to. */ private function get_recovery_mode_email_address() { if ( defined( 'RECOVERY_MODE_EMAIL' ) && is_email( RECOVERY_MODE_EMAIL ) ) { return RECOVERY_MODE_EMAIL; } return get_option( 'admin_email' ); } /** * Gets the description indicating the possible cause for the error. * * @since 5.2.0 * * @param array $extension { * The extension that caused the error. * * @type string $slug The extension slug. The directory of the plugin or theme. * @type string $type The extension type. Either 'plugin' or 'theme'. * } * @return string Message about which extension caused the error. */ private function get_cause( $extension ) { if ( 'plugin' === $extension['type'] ) { $plugin = $this->get_plugin( $extension ); if ( false === $plugin ) { 6, '<' => 5, '<=' => 5, '>' => 5, '>=' => 5, '==' => 4, '!=' => 4, '&&' => 3, '||' => 2, '?:' => 1, '?' => 1, '(' => 0, ')' => 0, ); /** * Tokens generated from the string. * * @since 4.9.0 * @var array $tokens List of tokens. */ protected $tokens = array(); /** * Cache for repeated calls to the funct * * @version $Id: streams.php 1157 2015-11-20 04:30:11Z dd32 $ * @package pomo * @subpackage streams */ if ( ! class_exists( 'POMO_Reader', false ) ) : #[AllowDynamicProperties] class POMO_Reader { public $endian = 'little'; public $_pos; public $is_overloaded; /** * PHP5 constructor. */ public function __construct() { if ( function_exists( 'mb_substr' ) && ( (int) ini_get( 'mbstring.func_overload' ) & 2 ) // phpcs:ignore PHPCompatibility.IniDirectives.RemovedIniDirectives.mbstring_func_overloadDeprecated ) { $this->is_overloaded = true; } else { $this->is_overloaded = false; } $this->_pos = 0; } /** * PHP4 constructor. * * @deprecated 5.4.0 Use __construct() instead. * * @see POMO_Reader::__construct() */ public function POMO_Reader() { _deprecated_constructor( self::class, '5.4.0', static::class ); self::__construct(); } /** * Sets the endianness of the file. * * @param string $endian Set the endianness of the file. Accepts 'big', or 'little'. */ public function setEndian( $endian ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid $this->endian = $endian; } /** * Reads a 32bit Integer from the Stream * * @return mixed The integer, corresponding to the next 32 bits from * the stream of false if there are not enough bytes or on error */ public function readint32() { $bytes = $this->read( 4 ); if ( 4 !== $this->strlen( $bytes ) ) { return false; } $endian_letter = ( 'big' === $this->endian ) ? 'N' : 'V'; $int = unpack( $endian_letter, $bytes ); return reset( $int ); } /** * Reads an array of 32-bit Integers from the Stream * * @param int $count How many elements should be read * @return mixed Array of integers or false if there isn't * enough data or on error */ public function readint32array( $count ) { $bytes = $this->read( 4 * $count ); if ( 4 * $count !== $this->strlen( $bytes ) ) { return false; } $endian_letter = ( 'big' === $this->endian ) ? 'N' : 'V'; return unpack( $endian_letter . $count, $bytes ); } /** * @param string $input_string * @param int $start * @param int $length * @return string */ public function substr( $input_string, $start, $length ) { if ( $this->is_overloaded ) { return mb_substr( $input_string, $start, $length, 'ascii' ); } else { return substr( $input_string, $start, $length ); } } /** * @param string $input_string * @return int */ public function strlen( $input_string ) { if ( $this->is_overloaded ) { return mb_strlen( $input_string, 'ascii' ); } else { return strlen( $input_string ); } } /** * @param string $input_string * @param int $chunk_size * @return array */ public function str_split( $input_string, $chunk_size ) { if ( ! function_exists( 'str_split' ) ) { $length = $this->strlen( $input_string ); $out = array(); for ( $i = 0; $i < $length; $i += $chunk_size ) { $out[] = $this->substr( $input_string, $i, $chunk_size ); } return $out; } else { return str_split( $input_string, $chunk_size ); } } /** * @return int */ public function pos() { return $this->_pos; } /** * @return true */ public function is_resource() { return true; } /** * @return true */ public function close() { return true; } } endif; if ( ! class_exists( 'POMO_FileReader', false ) ) : class POMO_FileReader extends POMO_Reader { /** * File pointer resource. * * @var resource|false */ public $_f; /** * @param user_id = $user_id; } /** * Retrieves a session manager instance for a user. * * This method contains a {@see 'session_token_manager'} filter, allowing a plugin to swap out * the session manager for a subclass of `WP_Session_Tokens`. * * @since 4.0.0 * * @param int $user_id User whose session to manage. * @return WP_Session_Tokens The session object, which is by default an instance of * the `WP_User_Meta_Session_Tokens` class. */ final public static function get_instance( $user_id ) { /** * Filters the class name for the session token manager. * * @since 4.0.0 * * @param string $session Name of class to use as the manager. * Default 'WP_User_Meta_Session_Tokens'. */ $manager = apply_filters( 'session_token_manager', 'WP_User_Meta_Session_Tokens' ); return new $manager( $user_id ); } /** * Hashes the given session token for storage. * * @since 4.0.0 * * @param string $token Session token to hash. * @return string A hash of the session token (a verifier). */ private function hash_token( $token ) { return hash( 'sha256', $token ); } /** * Retrieves a user's session for the given token. * * @since 4.0.0 * * @param string $token Session token. * @return array|null The session, or null if it does not exist. */ final public function get( $token ) { $verifier = $this->hash_token( $token ); return $this->get_session( $verifier ); } /** * Validates the given session token for authenticity and validity. * * Checks that the given token is present and hasn't expired. * * @since 4.0.0 * * @param string $token Token to verify. * @return bool Whether the token is valid for the user. */ final public function verify( $token ) { $verifier = $this->hash_token( $token ); return (bool) $this->get_session( $verifier ); } /** * Generates a session token and attaches session information to it. * * A session token is a long, random string. It is used in a cookie * to link that cookie to an expiration time and to ensure the cookie * becomes invalidated when the user logs out. * * This function generates a token and stores it with the associated * expiration time (and potentially other session information via the * {@see 'attach_session_information'} filter). * * @since 4.0.0 * * @param int $expiration Session expiration timestamp. * @return string Session token. */ final public function create( $expiration ) { /** * Filters the information attached to the newly created session. * * Can be used to attach further information to a session. * * @since 4.0.0 * * @param array $session Array of extra data. * @param int $user_id User ID. */ $session = apply_filters( 'attach_session_information', array(), $this->user_id ); $session['expiration'] = $expiration; // IP address. if ( ! empty( $_SERVER['REMOTE_ADDR'] ) ) { $session['ip'] = $_SERVER['REMOTE_ADDR']; } // User-agent. if ( ! empty( $_SERVER['HTTP_USER_AGENT'] ) ) { $session['ua'] = wp_unslash( $_SERVER['HTTP_USER_AGENT'] ); } // Timestamp. $session['login'] = time(); $token = wp_generate_password( 43, false, false ); $this->update( $token, $session ); return $token; } /** * Updates the data for the session with the given token. * * @since 4.0.0 * * @param string $token Session token to update. * @param array $session Session information. */ final public function update( $token, $session ) { $verifier = $this->hash_token( $token ); $this->update_session( $verifier, $session ); } /** * Destroys the session with the given token. * * @since 4.0.0 * * @param string $token Session token to destroy. */ final public function destroy( $token ) { $verifier = $this->hash_token( $token ); $this->update_session( $verifier, null ); } /** * Destroys all sessions for this user except the one with the given token (presumably the one in use). * * @since 4.0.0 * * @param string $token_to_keep Session token to keep. */ final public function destroy_others( $token_to_keep ) { $verifier = $this->hash_token( $token_to_keep ); $session = $this->get_session( $verifier ); if ( $session ) { $this->destroy_other_sessions( $verifier ); } else { $this->destroy_all_sessions(); } } /** * Determines whether a session is still valid, based on its expiration timestamp. * * @since 4.0.0 * * @param array $session Session to check. * @return bool Whether session is valid. */ final protected function is_still_valid( $session ) { return $session['expiration'] >= time(); } /** * Destroys all sessions for a user. * * @since 4.0.0 */ final public function destroy_all() { $this->destroy_all_sessions(); } /** * Destroys all sessions for all users. * * @since 4.0.0 */ final public static function destroy_all_for_all_users() { /** This filter is documented in wp-includes/class-wp-session-tokens.php */ $manager = apply_filters( 'session_token_manager', 'WP_User_Meta_Session_Tokens' ); call_user_func( array( $manager, 'drop_sessions' ) ); } /** * Retrieves all sessions for a user. * * @since 4.0.0 * * @return array Sessions for a user. */ final public function get_all() { return array_values( $this->get_sessions() ); } /** * Retrieves all sessions of the user. * * @since 4.0.0 * * @return array Sessions of the user. */ abstract protected function get_sessions(); /** * Retrieves a session based on its verifier (token hash). * * @since 4.0.0 * * @param string $verifier Verifier for the session to retrieve. * @return array|null The session, or null if it does not exist. */ abstract protected function get_ses