1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
<?php
/**
* Error Protection API: WP_Recovery_Mode_Link_Handler class
*
* @package WordPress
* @since 5.2.0
*/
/**
* Core class used to generate and handle recovery mode links.
*
* @since 5.2.0
*/
class WP_Recovery_Mode_Link_Service {
const LOGIN_ACTION_ENTER = 'enter_recovery_mode';
const LOGIN_ACTION_ENTERED = 'entered_recovery_mode';
/**
* Service to generate and validate recovery mode keys.
*
* @since 5.2.0
* @var WP_Recovery_Mode_Key_Service
*/
private $key_service;
/**
* Service to handle cookies.
*
* @since 5.2.0
* @var WP_Recovery_Mode_Cookie_Service
*/
private $cookie_service;
/**
* WP_Recovery_Mode_Link_Service constructor.
*
* @since 5.2.0
*
* @param WP_Recovery_Mode_Cookie_Service $cookie_service Service to handle setting the recovery mode cookie.
* @param WP_Recovery_Mode_Key_Service $key_service Service to handle generating recovery mode keys.
*/
public function __construct( WP_Recovery_Mode_Cookie_Service $cookie_service, WP_Recovery_Mode_Key_Service $key_service ) {
$this->cookie_service = $cookie_service;
$this->key_service = $key_service;
}
/**
* Generates a URL to begin recovery mode.
*
* Only one recovery mode URL can may be valid at the same time.
*
* @since 5.2.0
*
* @return string Generated URL.
*/
public function generate_url() {
$token = $this->key_service->generate_recovery_mode_token();
$key = $this->key_service->generate_and_store_recovery_mode_key( $token );
return $this->get_recovery_mode_begin_url( $token, $key );
}
/**
* Enters recovery mode when the user hits wp-login.php with a valid recovery mode link.
*
* @since 5.2.0
*
* @param int $ttl Number of seconds the link should be valid for.
*/
public function handle_begin_link( $ttl ) {
if ( ! isset( $GLOBALS['pagenow'] ) || 'wp-login.php' !== $GLOBALS['pagenow'] ) {
return;
}
if ( ! isset( $_GET['action'], $_GET['rm_token'], $_GET['rm_key'] ) || self::LOGIN_ACTION_ENTER !== $_GET['action'] ) {
return;
}
if ( ! function_exists( 'wp_generate_password' ) ) {
require_once ABSPATH . WPINC . '/pluggable.php';
}
$validated = $this->key_service->validate_recovery_mode_key( $_GET['rm_token'], $_GET['rm_key'], $ttl );
if ( is_wp_error( $validated ) ) {
wp_die( $validated, '' );
}
$this->cookie_service->set_cookie();
$url = add_query_arg( 'action', self::LOGIN_ACTION_ENTERED, wp_login_url() );
wp_redirect( $url );
die;
}
/**
* Gets a URL to begin recovery mode.
*
* @since 5.2.0
*
* @param string $token Recovery Mode token created by {@see generate_recovery_mode_token()}.
* @param string $key Recovery Mode key created by {@see generate_and_store_recovery_mode_key()}.
* @return string Recovery mode begin URL.
*/
private function get_recovery_mode_begin_url( $token, $key ) {
$url = add_query_arg(
array(
'action' => self::LOGIN_ACTION_ENTER,
'rm_token' => $token,
'rm_key' => $key,
),
wp_login_url()
);
/**
* Filter the URL to begin recovery mode.
*
* @since 5.2.0
*
* @param string $url The generated recovery mode begin URL.
* @param string $token The token used to identify the key.
* @param string $key The recovery mode key.
*/
return apply_filters( 'recovery_mode_begin_url', $url, $token, $key );
}
}
|
