2016-05-13 00:42:28 -04:00
|
|
|
<?php
|
|
|
|
/**
|
|
|
|
* SSL utilities for Requests
|
|
|
|
*
|
External Libraries: Update the Requests library to version 2.0.0.
This is a major release and contains breaking changes.
Most important changes to be aware of for this release:
* All code is now namespaced. Though there is a full backward compatibility layer available and the old class names are still supported, using them will generate a deprecation notice (which can be silenced by plugins if they'd need to support multiple WP versions). See the [https://requests.ryanmccue.info/docs/upgrading.html upgrade guide] for more details.
* A lot of classes have been marked `final`. This should generally not affect userland code as care has been taken to not apply the `final` keyword to classes which are known to be extended in userland code.
* Extensive input validation has been added to Requests. When Requests is used as documented though, this will be unnoticable.
* A new `WpOrg\Requests\Requests::has_capabilities()` method has been introduced which can be used to address #37708.
* A new `WpOrg\Requests\Response::decode_body()` method has been introduced which may be usable to simplify some of the WP native wrapper code.
* Remaining PHP 8.0 compatibility fixed (support for named parameters).
* PHP 8.1 compatibility.
Release notes: https://github.com/WordPress/Requests/releases/tag/v2.0.0
For a full list of changes in this update, see the Requests GitHub:
https://github.com/WordPress/Requests/compare/v1.8.1...v2.0.0
Follow-up to [50842], [51078].
Props jrf, schlessera, datagutten, wojsmol, dd32, dustinrue, soulseekah, costdev, szepeviktor.
Fixes #54504.
Built from https://develop.svn.wordpress.org/trunk@52244
git-svn-id: http://core.svn.wordpress.org/trunk@51836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-24 20:12:02 -05:00
|
|
|
* @package Requests\Utilities
|
2016-05-13 00:42:28 -04:00
|
|
|
*/
|
|
|
|
|
External Libraries: Update the Requests library to version 2.0.0.
This is a major release and contains breaking changes.
Most important changes to be aware of for this release:
* All code is now namespaced. Though there is a full backward compatibility layer available and the old class names are still supported, using them will generate a deprecation notice (which can be silenced by plugins if they'd need to support multiple WP versions). See the [https://requests.ryanmccue.info/docs/upgrading.html upgrade guide] for more details.
* A lot of classes have been marked `final`. This should generally not affect userland code as care has been taken to not apply the `final` keyword to classes which are known to be extended in userland code.
* Extensive input validation has been added to Requests. When Requests is used as documented though, this will be unnoticable.
* A new `WpOrg\Requests\Requests::has_capabilities()` method has been introduced which can be used to address #37708.
* A new `WpOrg\Requests\Response::decode_body()` method has been introduced which may be usable to simplify some of the WP native wrapper code.
* Remaining PHP 8.0 compatibility fixed (support for named parameters).
* PHP 8.1 compatibility.
Release notes: https://github.com/WordPress/Requests/releases/tag/v2.0.0
For a full list of changes in this update, see the Requests GitHub:
https://github.com/WordPress/Requests/compare/v1.8.1...v2.0.0
Follow-up to [50842], [51078].
Props jrf, schlessera, datagutten, wojsmol, dd32, dustinrue, soulseekah, costdev, szepeviktor.
Fixes #54504.
Built from https://develop.svn.wordpress.org/trunk@52244
git-svn-id: http://core.svn.wordpress.org/trunk@51836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-24 20:12:02 -05:00
|
|
|
namespace WpOrg\Requests;
|
|
|
|
|
|
|
|
use WpOrg\Requests\Exception\InvalidArgument;
|
|
|
|
use WpOrg\Requests\Utility\InputValidator;
|
|
|
|
|
2016-05-13 00:42:28 -04:00
|
|
|
/**
|
|
|
|
* SSL utilities for Requests
|
|
|
|
*
|
|
|
|
* Collection of utilities for working with and verifying SSL certificates.
|
|
|
|
*
|
External Libraries: Update the Requests library to version 2.0.0.
This is a major release and contains breaking changes.
Most important changes to be aware of for this release:
* All code is now namespaced. Though there is a full backward compatibility layer available and the old class names are still supported, using them will generate a deprecation notice (which can be silenced by plugins if they'd need to support multiple WP versions). See the [https://requests.ryanmccue.info/docs/upgrading.html upgrade guide] for more details.
* A lot of classes have been marked `final`. This should generally not affect userland code as care has been taken to not apply the `final` keyword to classes which are known to be extended in userland code.
* Extensive input validation has been added to Requests. When Requests is used as documented though, this will be unnoticable.
* A new `WpOrg\Requests\Requests::has_capabilities()` method has been introduced which can be used to address #37708.
* A new `WpOrg\Requests\Response::decode_body()` method has been introduced which may be usable to simplify some of the WP native wrapper code.
* Remaining PHP 8.0 compatibility fixed (support for named parameters).
* PHP 8.1 compatibility.
Release notes: https://github.com/WordPress/Requests/releases/tag/v2.0.0
For a full list of changes in this update, see the Requests GitHub:
https://github.com/WordPress/Requests/compare/v1.8.1...v2.0.0
Follow-up to [50842], [51078].
Props jrf, schlessera, datagutten, wojsmol, dd32, dustinrue, soulseekah, costdev, szepeviktor.
Fixes #54504.
Built from https://develop.svn.wordpress.org/trunk@52244
git-svn-id: http://core.svn.wordpress.org/trunk@51836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-24 20:12:02 -05:00
|
|
|
* @package Requests\Utilities
|
2016-05-13 00:42:28 -04:00
|
|
|
*/
|
External Libraries: Update the Requests library to version 2.0.0.
This is a major release and contains breaking changes.
Most important changes to be aware of for this release:
* All code is now namespaced. Though there is a full backward compatibility layer available and the old class names are still supported, using them will generate a deprecation notice (which can be silenced by plugins if they'd need to support multiple WP versions). See the [https://requests.ryanmccue.info/docs/upgrading.html upgrade guide] for more details.
* A lot of classes have been marked `final`. This should generally not affect userland code as care has been taken to not apply the `final` keyword to classes which are known to be extended in userland code.
* Extensive input validation has been added to Requests. When Requests is used as documented though, this will be unnoticable.
* A new `WpOrg\Requests\Requests::has_capabilities()` method has been introduced which can be used to address #37708.
* A new `WpOrg\Requests\Response::decode_body()` method has been introduced which may be usable to simplify some of the WP native wrapper code.
* Remaining PHP 8.0 compatibility fixed (support for named parameters).
* PHP 8.1 compatibility.
Release notes: https://github.com/WordPress/Requests/releases/tag/v2.0.0
For a full list of changes in this update, see the Requests GitHub:
https://github.com/WordPress/Requests/compare/v1.8.1...v2.0.0
Follow-up to [50842], [51078].
Props jrf, schlessera, datagutten, wojsmol, dd32, dustinrue, soulseekah, costdev, szepeviktor.
Fixes #54504.
Built from https://develop.svn.wordpress.org/trunk@52244
git-svn-id: http://core.svn.wordpress.org/trunk@51836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-24 20:12:02 -05:00
|
|
|
final class Ssl {
|
2016-05-13 00:42:28 -04:00
|
|
|
/**
|
|
|
|
* Verify the certificate against common name and subject alternative names
|
|
|
|
*
|
|
|
|
* Unfortunately, PHP doesn't check the certificate against the alternative
|
|
|
|
* names, leading things like 'https://www.github.com/' to be invalid.
|
|
|
|
*
|
External Libraries: Update the Requests library to version 2.0.0.
This is a major release and contains breaking changes.
Most important changes to be aware of for this release:
* All code is now namespaced. Though there is a full backward compatibility layer available and the old class names are still supported, using them will generate a deprecation notice (which can be silenced by plugins if they'd need to support multiple WP versions). See the [https://requests.ryanmccue.info/docs/upgrading.html upgrade guide] for more details.
* A lot of classes have been marked `final`. This should generally not affect userland code as care has been taken to not apply the `final` keyword to classes which are known to be extended in userland code.
* Extensive input validation has been added to Requests. When Requests is used as documented though, this will be unnoticable.
* A new `WpOrg\Requests\Requests::has_capabilities()` method has been introduced which can be used to address #37708.
* A new `WpOrg\Requests\Response::decode_body()` method has been introduced which may be usable to simplify some of the WP native wrapper code.
* Remaining PHP 8.0 compatibility fixed (support for named parameters).
* PHP 8.1 compatibility.
Release notes: https://github.com/WordPress/Requests/releases/tag/v2.0.0
For a full list of changes in this update, see the Requests GitHub:
https://github.com/WordPress/Requests/compare/v1.8.1...v2.0.0
Follow-up to [50842], [51078].
Props jrf, schlessera, datagutten, wojsmol, dd32, dustinrue, soulseekah, costdev, szepeviktor.
Fixes #54504.
Built from https://develop.svn.wordpress.org/trunk@52244
git-svn-id: http://core.svn.wordpress.org/trunk@51836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-24 20:12:02 -05:00
|
|
|
* @link https://tools.ietf.org/html/rfc2818#section-3.1 RFC2818, Section 3.1
|
2016-05-13 00:42:28 -04:00
|
|
|
*
|
External Libraries: Update the Requests library to version 2.0.0.
This is a major release and contains breaking changes.
Most important changes to be aware of for this release:
* All code is now namespaced. Though there is a full backward compatibility layer available and the old class names are still supported, using them will generate a deprecation notice (which can be silenced by plugins if they'd need to support multiple WP versions). See the [https://requests.ryanmccue.info/docs/upgrading.html upgrade guide] for more details.
* A lot of classes have been marked `final`. This should generally not affect userland code as care has been taken to not apply the `final` keyword to classes which are known to be extended in userland code.
* Extensive input validation has been added to Requests. When Requests is used as documented though, this will be unnoticable.
* A new `WpOrg\Requests\Requests::has_capabilities()` method has been introduced which can be used to address #37708.
* A new `WpOrg\Requests\Response::decode_body()` method has been introduced which may be usable to simplify some of the WP native wrapper code.
* Remaining PHP 8.0 compatibility fixed (support for named parameters).
* PHP 8.1 compatibility.
Release notes: https://github.com/WordPress/Requests/releases/tag/v2.0.0
For a full list of changes in this update, see the Requests GitHub:
https://github.com/WordPress/Requests/compare/v1.8.1...v2.0.0
Follow-up to [50842], [51078].
Props jrf, schlessera, datagutten, wojsmol, dd32, dustinrue, soulseekah, costdev, szepeviktor.
Fixes #54504.
Built from https://develop.svn.wordpress.org/trunk@52244
git-svn-id: http://core.svn.wordpress.org/trunk@51836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-24 20:12:02 -05:00
|
|
|
* @param string|Stringable $host Host name to verify against
|
2016-05-13 00:42:28 -04:00
|
|
|
* @param array $cert Certificate data from openssl_x509_parse()
|
|
|
|
* @return bool
|
External Libraries: Update the Requests library to version 2.0.0.
This is a major release and contains breaking changes.
Most important changes to be aware of for this release:
* All code is now namespaced. Though there is a full backward compatibility layer available and the old class names are still supported, using them will generate a deprecation notice (which can be silenced by plugins if they'd need to support multiple WP versions). See the [https://requests.ryanmccue.info/docs/upgrading.html upgrade guide] for more details.
* A lot of classes have been marked `final`. This should generally not affect userland code as care has been taken to not apply the `final` keyword to classes which are known to be extended in userland code.
* Extensive input validation has been added to Requests. When Requests is used as documented though, this will be unnoticable.
* A new `WpOrg\Requests\Requests::has_capabilities()` method has been introduced which can be used to address #37708.
* A new `WpOrg\Requests\Response::decode_body()` method has been introduced which may be usable to simplify some of the WP native wrapper code.
* Remaining PHP 8.0 compatibility fixed (support for named parameters).
* PHP 8.1 compatibility.
Release notes: https://github.com/WordPress/Requests/releases/tag/v2.0.0
For a full list of changes in this update, see the Requests GitHub:
https://github.com/WordPress/Requests/compare/v1.8.1...v2.0.0
Follow-up to [50842], [51078].
Props jrf, schlessera, datagutten, wojsmol, dd32, dustinrue, soulseekah, costdev, szepeviktor.
Fixes #54504.
Built from https://develop.svn.wordpress.org/trunk@52244
git-svn-id: http://core.svn.wordpress.org/trunk@51836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-24 20:12:02 -05:00
|
|
|
* @throws \WpOrg\Requests\Exception\InvalidArgument When the passed $host argument is not a string or a stringable object.
|
|
|
|
* @throws \WpOrg\Requests\Exception\InvalidArgument When the passed $cert argument is not an array or array accessible.
|
2016-05-13 00:42:28 -04:00
|
|
|
*/
|
|
|
|
public static function verify_certificate($host, $cert) {
|
External Libraries: Update the Requests library to version 2.0.0.
This is a major release and contains breaking changes.
Most important changes to be aware of for this release:
* All code is now namespaced. Though there is a full backward compatibility layer available and the old class names are still supported, using them will generate a deprecation notice (which can be silenced by plugins if they'd need to support multiple WP versions). See the [https://requests.ryanmccue.info/docs/upgrading.html upgrade guide] for more details.
* A lot of classes have been marked `final`. This should generally not affect userland code as care has been taken to not apply the `final` keyword to classes which are known to be extended in userland code.
* Extensive input validation has been added to Requests. When Requests is used as documented though, this will be unnoticable.
* A new `WpOrg\Requests\Requests::has_capabilities()` method has been introduced which can be used to address #37708.
* A new `WpOrg\Requests\Response::decode_body()` method has been introduced which may be usable to simplify some of the WP native wrapper code.
* Remaining PHP 8.0 compatibility fixed (support for named parameters).
* PHP 8.1 compatibility.
Release notes: https://github.com/WordPress/Requests/releases/tag/v2.0.0
For a full list of changes in this update, see the Requests GitHub:
https://github.com/WordPress/Requests/compare/v1.8.1...v2.0.0
Follow-up to [50842], [51078].
Props jrf, schlessera, datagutten, wojsmol, dd32, dustinrue, soulseekah, costdev, szepeviktor.
Fixes #54504.
Built from https://develop.svn.wordpress.org/trunk@52244
git-svn-id: http://core.svn.wordpress.org/trunk@51836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-24 20:12:02 -05:00
|
|
|
if (InputValidator::is_string_or_stringable($host) === false) {
|
|
|
|
throw InvalidArgument::create(1, '$host', 'string|Stringable', gettype($host));
|
|
|
|
}
|
|
|
|
|
|
|
|
if (InputValidator::has_array_access($cert) === false) {
|
|
|
|
throw InvalidArgument::create(2, '$cert', 'array|ArrayAccess', gettype($cert));
|
|
|
|
}
|
|
|
|
|
2016-05-13 00:42:28 -04:00
|
|
|
$has_dns_alt = false;
|
|
|
|
|
|
|
|
// Check the subjectAltName
|
External Libraries: Update the Requests library to version 2.0.0.
This is a major release and contains breaking changes.
Most important changes to be aware of for this release:
* All code is now namespaced. Though there is a full backward compatibility layer available and the old class names are still supported, using them will generate a deprecation notice (which can be silenced by plugins if they'd need to support multiple WP versions). See the [https://requests.ryanmccue.info/docs/upgrading.html upgrade guide] for more details.
* A lot of classes have been marked `final`. This should generally not affect userland code as care has been taken to not apply the `final` keyword to classes which are known to be extended in userland code.
* Extensive input validation has been added to Requests. When Requests is used as documented though, this will be unnoticable.
* A new `WpOrg\Requests\Requests::has_capabilities()` method has been introduced which can be used to address #37708.
* A new `WpOrg\Requests\Response::decode_body()` method has been introduced which may be usable to simplify some of the WP native wrapper code.
* Remaining PHP 8.0 compatibility fixed (support for named parameters).
* PHP 8.1 compatibility.
Release notes: https://github.com/WordPress/Requests/releases/tag/v2.0.0
For a full list of changes in this update, see the Requests GitHub:
https://github.com/WordPress/Requests/compare/v1.8.1...v2.0.0
Follow-up to [50842], [51078].
Props jrf, schlessera, datagutten, wojsmol, dd32, dustinrue, soulseekah, costdev, szepeviktor.
Fixes #54504.
Built from https://develop.svn.wordpress.org/trunk@52244
git-svn-id: http://core.svn.wordpress.org/trunk@51836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-24 20:12:02 -05:00
|
|
|
if (!empty($cert['extensions']['subjectAltName'])) {
|
2016-05-13 00:42:28 -04:00
|
|
|
$altnames = explode(',', $cert['extensions']['subjectAltName']);
|
|
|
|
foreach ($altnames as $altname) {
|
|
|
|
$altname = trim($altname);
|
|
|
|
if (strpos($altname, 'DNS:') !== 0) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
$has_dns_alt = true;
|
|
|
|
|
|
|
|
// Strip the 'DNS:' prefix and trim whitespace
|
|
|
|
$altname = trim(substr($altname, 4));
|
|
|
|
|
|
|
|
// Check for a match
|
|
|
|
if (self::match_domain($host, $altname) === true) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
External Libraries: Update the Requests library to version 2.0.0.
This is a major release and contains breaking changes.
Most important changes to be aware of for this release:
* All code is now namespaced. Though there is a full backward compatibility layer available and the old class names are still supported, using them will generate a deprecation notice (which can be silenced by plugins if they'd need to support multiple WP versions). See the [https://requests.ryanmccue.info/docs/upgrading.html upgrade guide] for more details.
* A lot of classes have been marked `final`. This should generally not affect userland code as care has been taken to not apply the `final` keyword to classes which are known to be extended in userland code.
* Extensive input validation has been added to Requests. When Requests is used as documented though, this will be unnoticable.
* A new `WpOrg\Requests\Requests::has_capabilities()` method has been introduced which can be used to address #37708.
* A new `WpOrg\Requests\Response::decode_body()` method has been introduced which may be usable to simplify some of the WP native wrapper code.
* Remaining PHP 8.0 compatibility fixed (support for named parameters).
* PHP 8.1 compatibility.
Release notes: https://github.com/WordPress/Requests/releases/tag/v2.0.0
For a full list of changes in this update, see the Requests GitHub:
https://github.com/WordPress/Requests/compare/v1.8.1...v2.0.0
Follow-up to [50842], [51078].
Props jrf, schlessera, datagutten, wojsmol, dd32, dustinrue, soulseekah, costdev, szepeviktor.
Fixes #54504.
Built from https://develop.svn.wordpress.org/trunk@52244
git-svn-id: http://core.svn.wordpress.org/trunk@51836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-24 20:12:02 -05:00
|
|
|
|
|
|
|
if ($has_dns_alt === true) {
|
|
|
|
return false;
|
|
|
|
}
|
2016-05-13 00:42:28 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
// Fall back to checking the common name if we didn't get any dNSName
|
|
|
|
// alt names, as per RFC2818
|
External Libraries: Update the Requests library to version 2.0.0.
This is a major release and contains breaking changes.
Most important changes to be aware of for this release:
* All code is now namespaced. Though there is a full backward compatibility layer available and the old class names are still supported, using them will generate a deprecation notice (which can be silenced by plugins if they'd need to support multiple WP versions). See the [https://requests.ryanmccue.info/docs/upgrading.html upgrade guide] for more details.
* A lot of classes have been marked `final`. This should generally not affect userland code as care has been taken to not apply the `final` keyword to classes which are known to be extended in userland code.
* Extensive input validation has been added to Requests. When Requests is used as documented though, this will be unnoticable.
* A new `WpOrg\Requests\Requests::has_capabilities()` method has been introduced which can be used to address #37708.
* A new `WpOrg\Requests\Response::decode_body()` method has been introduced which may be usable to simplify some of the WP native wrapper code.
* Remaining PHP 8.0 compatibility fixed (support for named parameters).
* PHP 8.1 compatibility.
Release notes: https://github.com/WordPress/Requests/releases/tag/v2.0.0
For a full list of changes in this update, see the Requests GitHub:
https://github.com/WordPress/Requests/compare/v1.8.1...v2.0.0
Follow-up to [50842], [51078].
Props jrf, schlessera, datagutten, wojsmol, dd32, dustinrue, soulseekah, costdev, szepeviktor.
Fixes #54504.
Built from https://develop.svn.wordpress.org/trunk@52244
git-svn-id: http://core.svn.wordpress.org/trunk@51836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-24 20:12:02 -05:00
|
|
|
if (!empty($cert['subject']['CN'])) {
|
2016-05-13 00:42:28 -04:00
|
|
|
// Check for a match
|
External Libraries: Update the Requests library to version 2.0.0.
This is a major release and contains breaking changes.
Most important changes to be aware of for this release:
* All code is now namespaced. Though there is a full backward compatibility layer available and the old class names are still supported, using them will generate a deprecation notice (which can be silenced by plugins if they'd need to support multiple WP versions). See the [https://requests.ryanmccue.info/docs/upgrading.html upgrade guide] for more details.
* A lot of classes have been marked `final`. This should generally not affect userland code as care has been taken to not apply the `final` keyword to classes which are known to be extended in userland code.
* Extensive input validation has been added to Requests. When Requests is used as documented though, this will be unnoticable.
* A new `WpOrg\Requests\Requests::has_capabilities()` method has been introduced which can be used to address #37708.
* A new `WpOrg\Requests\Response::decode_body()` method has been introduced which may be usable to simplify some of the WP native wrapper code.
* Remaining PHP 8.0 compatibility fixed (support for named parameters).
* PHP 8.1 compatibility.
Release notes: https://github.com/WordPress/Requests/releases/tag/v2.0.0
For a full list of changes in this update, see the Requests GitHub:
https://github.com/WordPress/Requests/compare/v1.8.1...v2.0.0
Follow-up to [50842], [51078].
Props jrf, schlessera, datagutten, wojsmol, dd32, dustinrue, soulseekah, costdev, szepeviktor.
Fixes #54504.
Built from https://develop.svn.wordpress.org/trunk@52244
git-svn-id: http://core.svn.wordpress.org/trunk@51836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-24 20:12:02 -05:00
|
|
|
return (self::match_domain($host, $cert['subject']['CN']) === true);
|
2016-05-13 00:42:28 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Verify that a reference name is valid
|
|
|
|
*
|
|
|
|
* Verifies a dNSName for HTTPS usage, (almost) as per Firefox's rules:
|
|
|
|
* - Wildcards can only occur in a name with more than 3 components
|
|
|
|
* - Wildcards can only occur as the last character in the first
|
|
|
|
* component
|
|
|
|
* - Wildcards may be preceded by additional characters
|
|
|
|
*
|
|
|
|
* We modify these rules to be a bit stricter and only allow the wildcard
|
|
|
|
* character to be the full first component; that is, with the exclusion of
|
|
|
|
* the third rule.
|
|
|
|
*
|
External Libraries: Update the Requests library to version 2.0.0.
This is a major release and contains breaking changes.
Most important changes to be aware of for this release:
* All code is now namespaced. Though there is a full backward compatibility layer available and the old class names are still supported, using them will generate a deprecation notice (which can be silenced by plugins if they'd need to support multiple WP versions). See the [https://requests.ryanmccue.info/docs/upgrading.html upgrade guide] for more details.
* A lot of classes have been marked `final`. This should generally not affect userland code as care has been taken to not apply the `final` keyword to classes which are known to be extended in userland code.
* Extensive input validation has been added to Requests. When Requests is used as documented though, this will be unnoticable.
* A new `WpOrg\Requests\Requests::has_capabilities()` method has been introduced which can be used to address #37708.
* A new `WpOrg\Requests\Response::decode_body()` method has been introduced which may be usable to simplify some of the WP native wrapper code.
* Remaining PHP 8.0 compatibility fixed (support for named parameters).
* PHP 8.1 compatibility.
Release notes: https://github.com/WordPress/Requests/releases/tag/v2.0.0
For a full list of changes in this update, see the Requests GitHub:
https://github.com/WordPress/Requests/compare/v1.8.1...v2.0.0
Follow-up to [50842], [51078].
Props jrf, schlessera, datagutten, wojsmol, dd32, dustinrue, soulseekah, costdev, szepeviktor.
Fixes #54504.
Built from https://develop.svn.wordpress.org/trunk@52244
git-svn-id: http://core.svn.wordpress.org/trunk@51836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-24 20:12:02 -05:00
|
|
|
* @param string|Stringable $reference Reference dNSName
|
2016-05-13 00:42:28 -04:00
|
|
|
* @return boolean Is the name valid?
|
External Libraries: Update the Requests library to version 2.0.0.
This is a major release and contains breaking changes.
Most important changes to be aware of for this release:
* All code is now namespaced. Though there is a full backward compatibility layer available and the old class names are still supported, using them will generate a deprecation notice (which can be silenced by plugins if they'd need to support multiple WP versions). See the [https://requests.ryanmccue.info/docs/upgrading.html upgrade guide] for more details.
* A lot of classes have been marked `final`. This should generally not affect userland code as care has been taken to not apply the `final` keyword to classes which are known to be extended in userland code.
* Extensive input validation has been added to Requests. When Requests is used as documented though, this will be unnoticable.
* A new `WpOrg\Requests\Requests::has_capabilities()` method has been introduced which can be used to address #37708.
* A new `WpOrg\Requests\Response::decode_body()` method has been introduced which may be usable to simplify some of the WP native wrapper code.
* Remaining PHP 8.0 compatibility fixed (support for named parameters).
* PHP 8.1 compatibility.
Release notes: https://github.com/WordPress/Requests/releases/tag/v2.0.0
For a full list of changes in this update, see the Requests GitHub:
https://github.com/WordPress/Requests/compare/v1.8.1...v2.0.0
Follow-up to [50842], [51078].
Props jrf, schlessera, datagutten, wojsmol, dd32, dustinrue, soulseekah, costdev, szepeviktor.
Fixes #54504.
Built from https://develop.svn.wordpress.org/trunk@52244
git-svn-id: http://core.svn.wordpress.org/trunk@51836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-24 20:12:02 -05:00
|
|
|
* @throws \WpOrg\Requests\Exception\InvalidArgument When the passed argument is not a string or a stringable object.
|
2016-05-13 00:42:28 -04:00
|
|
|
*/
|
|
|
|
public static function verify_reference_name($reference) {
|
External Libraries: Update the Requests library to version 2.0.0.
This is a major release and contains breaking changes.
Most important changes to be aware of for this release:
* All code is now namespaced. Though there is a full backward compatibility layer available and the old class names are still supported, using them will generate a deprecation notice (which can be silenced by plugins if they'd need to support multiple WP versions). See the [https://requests.ryanmccue.info/docs/upgrading.html upgrade guide] for more details.
* A lot of classes have been marked `final`. This should generally not affect userland code as care has been taken to not apply the `final` keyword to classes which are known to be extended in userland code.
* Extensive input validation has been added to Requests. When Requests is used as documented though, this will be unnoticable.
* A new `WpOrg\Requests\Requests::has_capabilities()` method has been introduced which can be used to address #37708.
* A new `WpOrg\Requests\Response::decode_body()` method has been introduced which may be usable to simplify some of the WP native wrapper code.
* Remaining PHP 8.0 compatibility fixed (support for named parameters).
* PHP 8.1 compatibility.
Release notes: https://github.com/WordPress/Requests/releases/tag/v2.0.0
For a full list of changes in this update, see the Requests GitHub:
https://github.com/WordPress/Requests/compare/v1.8.1...v2.0.0
Follow-up to [50842], [51078].
Props jrf, schlessera, datagutten, wojsmol, dd32, dustinrue, soulseekah, costdev, szepeviktor.
Fixes #54504.
Built from https://develop.svn.wordpress.org/trunk@52244
git-svn-id: http://core.svn.wordpress.org/trunk@51836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-24 20:12:02 -05:00
|
|
|
if (InputValidator::is_string_or_stringable($reference) === false) {
|
|
|
|
throw InvalidArgument::create(1, '$reference', 'string|Stringable', gettype($reference));
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($reference === '') {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (preg_match('`\s`', $reference) > 0) {
|
|
|
|
// Whitespace detected. This can never be a dNSName.
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2016-05-13 00:42:28 -04:00
|
|
|
$parts = explode('.', $reference);
|
External Libraries: Update the Requests library to version 2.0.0.
This is a major release and contains breaking changes.
Most important changes to be aware of for this release:
* All code is now namespaced. Though there is a full backward compatibility layer available and the old class names are still supported, using them will generate a deprecation notice (which can be silenced by plugins if they'd need to support multiple WP versions). See the [https://requests.ryanmccue.info/docs/upgrading.html upgrade guide] for more details.
* A lot of classes have been marked `final`. This should generally not affect userland code as care has been taken to not apply the `final` keyword to classes which are known to be extended in userland code.
* Extensive input validation has been added to Requests. When Requests is used as documented though, this will be unnoticable.
* A new `WpOrg\Requests\Requests::has_capabilities()` method has been introduced which can be used to address #37708.
* A new `WpOrg\Requests\Response::decode_body()` method has been introduced which may be usable to simplify some of the WP native wrapper code.
* Remaining PHP 8.0 compatibility fixed (support for named parameters).
* PHP 8.1 compatibility.
Release notes: https://github.com/WordPress/Requests/releases/tag/v2.0.0
For a full list of changes in this update, see the Requests GitHub:
https://github.com/WordPress/Requests/compare/v1.8.1...v2.0.0
Follow-up to [50842], [51078].
Props jrf, schlessera, datagutten, wojsmol, dd32, dustinrue, soulseekah, costdev, szepeviktor.
Fixes #54504.
Built from https://develop.svn.wordpress.org/trunk@52244
git-svn-id: http://core.svn.wordpress.org/trunk@51836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-24 20:12:02 -05:00
|
|
|
if ($parts !== array_filter($parts)) {
|
|
|
|
// DNSName cannot contain two dots next to each other.
|
|
|
|
return false;
|
|
|
|
}
|
2016-05-13 00:42:28 -04:00
|
|
|
|
|
|
|
// Check the first part of the name
|
|
|
|
$first = array_shift($parts);
|
|
|
|
|
|
|
|
if (strpos($first, '*') !== false) {
|
|
|
|
// Check that the wildcard is the full part
|
|
|
|
if ($first !== '*') {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check that we have at least 3 components (including first)
|
|
|
|
if (count($parts) < 2) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check the remaining parts
|
|
|
|
foreach ($parts as $part) {
|
|
|
|
if (strpos($part, '*') !== false) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Nothing found, verified!
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Match a hostname against a dNSName reference
|
|
|
|
*
|
External Libraries: Update the Requests library to version 2.0.0.
This is a major release and contains breaking changes.
Most important changes to be aware of for this release:
* All code is now namespaced. Though there is a full backward compatibility layer available and the old class names are still supported, using them will generate a deprecation notice (which can be silenced by plugins if they'd need to support multiple WP versions). See the [https://requests.ryanmccue.info/docs/upgrading.html upgrade guide] for more details.
* A lot of classes have been marked `final`. This should generally not affect userland code as care has been taken to not apply the `final` keyword to classes which are known to be extended in userland code.
* Extensive input validation has been added to Requests. When Requests is used as documented though, this will be unnoticable.
* A new `WpOrg\Requests\Requests::has_capabilities()` method has been introduced which can be used to address #37708.
* A new `WpOrg\Requests\Response::decode_body()` method has been introduced which may be usable to simplify some of the WP native wrapper code.
* Remaining PHP 8.0 compatibility fixed (support for named parameters).
* PHP 8.1 compatibility.
Release notes: https://github.com/WordPress/Requests/releases/tag/v2.0.0
For a full list of changes in this update, see the Requests GitHub:
https://github.com/WordPress/Requests/compare/v1.8.1...v2.0.0
Follow-up to [50842], [51078].
Props jrf, schlessera, datagutten, wojsmol, dd32, dustinrue, soulseekah, costdev, szepeviktor.
Fixes #54504.
Built from https://develop.svn.wordpress.org/trunk@52244
git-svn-id: http://core.svn.wordpress.org/trunk@51836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-24 20:12:02 -05:00
|
|
|
* @param string|Stringable $host Requested host
|
|
|
|
* @param string|Stringable $reference dNSName to match against
|
2016-05-13 00:42:28 -04:00
|
|
|
* @return boolean Does the domain match?
|
External Libraries: Update the Requests library to version 2.0.0.
This is a major release and contains breaking changes.
Most important changes to be aware of for this release:
* All code is now namespaced. Though there is a full backward compatibility layer available and the old class names are still supported, using them will generate a deprecation notice (which can be silenced by plugins if they'd need to support multiple WP versions). See the [https://requests.ryanmccue.info/docs/upgrading.html upgrade guide] for more details.
* A lot of classes have been marked `final`. This should generally not affect userland code as care has been taken to not apply the `final` keyword to classes which are known to be extended in userland code.
* Extensive input validation has been added to Requests. When Requests is used as documented though, this will be unnoticable.
* A new `WpOrg\Requests\Requests::has_capabilities()` method has been introduced which can be used to address #37708.
* A new `WpOrg\Requests\Response::decode_body()` method has been introduced which may be usable to simplify some of the WP native wrapper code.
* Remaining PHP 8.0 compatibility fixed (support for named parameters).
* PHP 8.1 compatibility.
Release notes: https://github.com/WordPress/Requests/releases/tag/v2.0.0
For a full list of changes in this update, see the Requests GitHub:
https://github.com/WordPress/Requests/compare/v1.8.1...v2.0.0
Follow-up to [50842], [51078].
Props jrf, schlessera, datagutten, wojsmol, dd32, dustinrue, soulseekah, costdev, szepeviktor.
Fixes #54504.
Built from https://develop.svn.wordpress.org/trunk@52244
git-svn-id: http://core.svn.wordpress.org/trunk@51836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-24 20:12:02 -05:00
|
|
|
* @throws \WpOrg\Requests\Exception\InvalidArgument When either of the passed arguments is not a string or a stringable object.
|
2016-05-13 00:42:28 -04:00
|
|
|
*/
|
|
|
|
public static function match_domain($host, $reference) {
|
External Libraries: Update the Requests library to version 2.0.0.
This is a major release and contains breaking changes.
Most important changes to be aware of for this release:
* All code is now namespaced. Though there is a full backward compatibility layer available and the old class names are still supported, using them will generate a deprecation notice (which can be silenced by plugins if they'd need to support multiple WP versions). See the [https://requests.ryanmccue.info/docs/upgrading.html upgrade guide] for more details.
* A lot of classes have been marked `final`. This should generally not affect userland code as care has been taken to not apply the `final` keyword to classes which are known to be extended in userland code.
* Extensive input validation has been added to Requests. When Requests is used as documented though, this will be unnoticable.
* A new `WpOrg\Requests\Requests::has_capabilities()` method has been introduced which can be used to address #37708.
* A new `WpOrg\Requests\Response::decode_body()` method has been introduced which may be usable to simplify some of the WP native wrapper code.
* Remaining PHP 8.0 compatibility fixed (support for named parameters).
* PHP 8.1 compatibility.
Release notes: https://github.com/WordPress/Requests/releases/tag/v2.0.0
For a full list of changes in this update, see the Requests GitHub:
https://github.com/WordPress/Requests/compare/v1.8.1...v2.0.0
Follow-up to [50842], [51078].
Props jrf, schlessera, datagutten, wojsmol, dd32, dustinrue, soulseekah, costdev, szepeviktor.
Fixes #54504.
Built from https://develop.svn.wordpress.org/trunk@52244
git-svn-id: http://core.svn.wordpress.org/trunk@51836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-24 20:12:02 -05:00
|
|
|
if (InputValidator::is_string_or_stringable($host) === false) {
|
|
|
|
throw InvalidArgument::create(1, '$host', 'string|Stringable', gettype($host));
|
|
|
|
}
|
|
|
|
|
General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 13:26:13 -04:00
|
|
|
// Check if the reference is blocklisted first
|
2016-05-13 00:42:28 -04:00
|
|
|
if (self::verify_reference_name($reference) !== true) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check for a direct match
|
External Libraries: Update the Requests library to version 2.0.0.
This is a major release and contains breaking changes.
Most important changes to be aware of for this release:
* All code is now namespaced. Though there is a full backward compatibility layer available and the old class names are still supported, using them will generate a deprecation notice (which can be silenced by plugins if they'd need to support multiple WP versions). See the [https://requests.ryanmccue.info/docs/upgrading.html upgrade guide] for more details.
* A lot of classes have been marked `final`. This should generally not affect userland code as care has been taken to not apply the `final` keyword to classes which are known to be extended in userland code.
* Extensive input validation has been added to Requests. When Requests is used as documented though, this will be unnoticable.
* A new `WpOrg\Requests\Requests::has_capabilities()` method has been introduced which can be used to address #37708.
* A new `WpOrg\Requests\Response::decode_body()` method has been introduced which may be usable to simplify some of the WP native wrapper code.
* Remaining PHP 8.0 compatibility fixed (support for named parameters).
* PHP 8.1 compatibility.
Release notes: https://github.com/WordPress/Requests/releases/tag/v2.0.0
For a full list of changes in this update, see the Requests GitHub:
https://github.com/WordPress/Requests/compare/v1.8.1...v2.0.0
Follow-up to [50842], [51078].
Props jrf, schlessera, datagutten, wojsmol, dd32, dustinrue, soulseekah, costdev, szepeviktor.
Fixes #54504.
Built from https://develop.svn.wordpress.org/trunk@52244
git-svn-id: http://core.svn.wordpress.org/trunk@51836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-24 20:12:02 -05:00
|
|
|
if ((string) $host === (string) $reference) {
|
2016-05-13 00:42:28 -04:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Calculate the valid wildcard match if the host is not an IP address
|
External Libraries: Update the Requests library to version 2.0.0.
This is a major release and contains breaking changes.
Most important changes to be aware of for this release:
* All code is now namespaced. Though there is a full backward compatibility layer available and the old class names are still supported, using them will generate a deprecation notice (which can be silenced by plugins if they'd need to support multiple WP versions). See the [https://requests.ryanmccue.info/docs/upgrading.html upgrade guide] for more details.
* A lot of classes have been marked `final`. This should generally not affect userland code as care has been taken to not apply the `final` keyword to classes which are known to be extended in userland code.
* Extensive input validation has been added to Requests. When Requests is used as documented though, this will be unnoticable.
* A new `WpOrg\Requests\Requests::has_capabilities()` method has been introduced which can be used to address #37708.
* A new `WpOrg\Requests\Response::decode_body()` method has been introduced which may be usable to simplify some of the WP native wrapper code.
* Remaining PHP 8.0 compatibility fixed (support for named parameters).
* PHP 8.1 compatibility.
Release notes: https://github.com/WordPress/Requests/releases/tag/v2.0.0
For a full list of changes in this update, see the Requests GitHub:
https://github.com/WordPress/Requests/compare/v1.8.1...v2.0.0
Follow-up to [50842], [51078].
Props jrf, schlessera, datagutten, wojsmol, dd32, dustinrue, soulseekah, costdev, szepeviktor.
Fixes #54504.
Built from https://develop.svn.wordpress.org/trunk@52244
git-svn-id: http://core.svn.wordpress.org/trunk@51836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-24 20:12:02 -05:00
|
|
|
// Also validates that the host has 3 parts or more, as per Firefox's ruleset,
|
|
|
|
// as a wildcard reference is only allowed with 3 parts or more, so the
|
|
|
|
// comparison will never match if host doesn't contain 3 parts or more as well.
|
2016-05-13 00:42:28 -04:00
|
|
|
if (ip2long($host) === false) {
|
External Libraries: Update the Requests library to version `1.8.0`.
While some of the changes in the `1.8.0` release have already been copied to WordPress Core in earlier releases (see [38727], [46258], [47902] and [49382]), this release contains additional improvements, including:
- A significant performance fix when using cURL.
- Improved compliance with RFC2616.
The library has also been moved under the WordPress project’s GitHub organization and can now be found at https://github.com/WordPress/Requests.
Props jrf, dd32, rmccue, justinahinon, netweb, schlessera, TimothyBJacobs, soulseekah, ozh, skithund, carlalexander, travisnorthcutt, desrosj.
Fixes #53101.
Built from https://develop.svn.wordpress.org/trunk@50842
git-svn-id: http://core.svn.wordpress.org/trunk@50451 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-11 15:42:02 -04:00
|
|
|
$parts = explode('.', $host);
|
2016-05-13 00:42:28 -04:00
|
|
|
$parts[0] = '*';
|
|
|
|
$wildcard = implode('.', $parts);
|
External Libraries: Update the Requests library to version 2.0.0.
This is a major release and contains breaking changes.
Most important changes to be aware of for this release:
* All code is now namespaced. Though there is a full backward compatibility layer available and the old class names are still supported, using them will generate a deprecation notice (which can be silenced by plugins if they'd need to support multiple WP versions). See the [https://requests.ryanmccue.info/docs/upgrading.html upgrade guide] for more details.
* A lot of classes have been marked `final`. This should generally not affect userland code as care has been taken to not apply the `final` keyword to classes which are known to be extended in userland code.
* Extensive input validation has been added to Requests. When Requests is used as documented though, this will be unnoticable.
* A new `WpOrg\Requests\Requests::has_capabilities()` method has been introduced which can be used to address #37708.
* A new `WpOrg\Requests\Response::decode_body()` method has been introduced which may be usable to simplify some of the WP native wrapper code.
* Remaining PHP 8.0 compatibility fixed (support for named parameters).
* PHP 8.1 compatibility.
Release notes: https://github.com/WordPress/Requests/releases/tag/v2.0.0
For a full list of changes in this update, see the Requests GitHub:
https://github.com/WordPress/Requests/compare/v1.8.1...v2.0.0
Follow-up to [50842], [51078].
Props jrf, schlessera, datagutten, wojsmol, dd32, dustinrue, soulseekah, costdev, szepeviktor.
Fixes #54504.
Built from https://develop.svn.wordpress.org/trunk@52244
git-svn-id: http://core.svn.wordpress.org/trunk@51836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-24 20:12:02 -05:00
|
|
|
if ($wildcard === (string) $reference) {
|
2016-05-13 00:42:28 -04:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 13:26:13 -04:00
|
|
|
}
|