403Webshell
Server IP : 66.29.132.122  /  Your IP : 18.219.126.46
Web Server : LiteSpeed
System : Linux business142.web-hosting.com 4.18.0-553.lve.el8.x86_64 #1 SMP Mon May 27 15:27:34 UTC 2024 x86_64
User : admazpex ( 531)
PHP Version : 7.2.34
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /var/softaculous/sitepad/editor/site-data/plugins/kkart-pro/includes/wccom-site/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /var/softaculous/sitepad/editor/site-data/plugins/kkart-pro/includes/wccom-site/class-kkart-wccom-site.php
<?php
/**
 * Kkart.com Product Installation.
 *
 * @package Kkart\KKARTCom
 * @since   3.7.0
 */

defined( 'ABSPATH' ) || exit;

/**
 * KKART_KKARTCOM_Site Class
 *
 * Main class for Kkart.com connected site.
 */
class KKART_KKARTCOM_Site {

	const AUTH_ERROR_FILTER_NAME = 'wccom_auth_error';

	/**
	 * Load the KKARTCOM site class.
	 *
	 * @since 3.7.0
	 */
	public static function load() {
		self::includes();

		add_action( 'kkart_wccom_install_products', array( 'KKART_KKARTCOM_Site_Installer', 'install' ) );
		add_filter( 'determine_current_user', array( __CLASS__, 'authenticate_wccom' ), 14 );
		add_action( 'kkart_rest_api_get_rest_namespaces', array( __CLASS__, 'register_rest_namespace' ) );
	}

	/**
	 * Include support files.
	 *
	 * @since 3.7.0
	 */
	protected static function includes() {
		require_once KKART_ABSPATH . 'includes/admin/helper/class-kkart-helper.php';
		require_once KKART_ABSPATH . 'includes/wccom-site/class-kkart-wccom-site-installer.php';
		require_once KKART_ABSPATH . 'includes/wccom-site/class-kkart-wccom-site-installer-requirements-check.php';
	}

	/**
	 * Authenticate Kkart.com request.
	 *
	 * @since 3.7.0
	 * @param int|false $user_id User ID.
	 * @return int|false
	 */
	public static function authenticate_wccom( $user_id ) {
		if ( ! empty( $user_id ) || ! self::is_request_to_wccom_site_rest_api() ) {
			return $user_id;
		}

		$auth_header = trim( self::get_authorization_header() );

		if ( stripos( $auth_header, 'Bearer ' ) === 0 ) {
			$access_token = trim( substr( $auth_header, 7 ) );
		} elseif ( ! empty( $_GET['token'] ) && is_string( $_GET['token'] ) ) {  // phpcs:ignore WordPress.Security.NonceVerification.Recommended
			$access_token = trim( $_GET['token'] );  // phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
		} else {
			add_filter(
				self::AUTH_ERROR_FILTER_NAME,
				function() {
					return new WP_Error(
						KKART_REST_KKARTCOM_Site_Installer_Errors::NO_ACCESS_TOKEN_CODE,
						KKART_REST_KKARTCOM_Site_Installer_Errors::NO_ACCESS_TOKEN_MESSAGE,
						array( 'status' => KKART_REST_KKARTCOM_Site_Installer_Errors::NO_ACCESS_TOKEN_HTTP_CODE )
					);
				}
			);
			return false;
		}

		if ( ! empty( $_SERVER['HTTP_X_WOO_SIGNATURE'] ) ) {
			$signature = trim( $_SERVER['HTTP_X_WOO_SIGNATURE'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash,WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
		} elseif ( ! empty( $_GET['signature'] ) && is_string( $_GET['signature'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
			$signature = trim( $_GET['signature'] ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
		} else {
			add_filter(
				self::AUTH_ERROR_FILTER_NAME,
				function() {
					return new WP_Error(
						KKART_REST_KKARTCOM_Site_Installer_Errors::NO_SIGNATURE_CODE,
						KKART_REST_KKARTCOM_Site_Installer_Errors::NO_SIGNATURE_MESSAGE,
						array( 'status' => KKART_REST_KKARTCOM_Site_Installer_Errors::NO_SIGNATURE_HTTP_CODE )
					);
				}
			);
			return false;
		}

		require_once KKART_ABSPATH . 'includes/admin/helper/class-kkart-helper-options.php';
		$site_auth = KKART_Helper_Options::get( 'auth' );

		if ( empty( $site_auth['access_token'] ) ) {
			add_filter(
				self::AUTH_ERROR_FILTER_NAME,
				function() {
					return new WP_Error(
						KKART_REST_KKARTCOM_Site_Installer_Errors::SITE_NOT_CONNECTED_CODE,
						KKART_REST_KKARTCOM_Site_Installer_Errors::SITE_NOT_CONNECTED_MESSAGE,
						array( 'status' => KKART_REST_KKARTCOM_Site_Installer_Errors::SITE_NOT_CONNECTED_HTTP_CODE )
					);
				}
			);
			return false;
		}

		if ( ! hash_equals( $access_token, $site_auth['access_token'] ) ) {
			add_filter(
				self::AUTH_ERROR_FILTER_NAME,
				function() {
					return new WP_Error(
						KKART_REST_KKARTCOM_Site_Installer_Errors::INVALID_TOKEN_CODE,
						KKART_REST_KKARTCOM_Site_Installer_Errors::INVALID_TOKEN_MESSAGE,
						array( 'status' => KKART_REST_KKARTCOM_Site_Installer_Errors::INVALID_TOKEN_HTTP_CODE )
					);
				}
			);
			return false;
		}

		$body = WP_REST_Server::get_raw_data();

		if ( ! self::verify_wccom_request( $body, $signature, $site_auth['access_token_secret'] ) ) {
			add_filter(
				self::AUTH_ERROR_FILTER_NAME,
				function() {
					return new WP_Error(
						KKART_REST_KKARTCOM_Site_Installer_Errors::REQUEST_VERIFICATION_FAILED_CODE,
						KKART_REST_KKARTCOM_Site_Installer_Errors::REQUEST_VERIFICATION_FAILED_MESSAGE,
						array( 'status' => KKART_REST_KKARTCOM_Site_Installer_Errors::REQUEST_VERIFICATION_FAILED_HTTP_CODE )
					);
				}
			);
			return false;
		}

		$user = get_user_by( 'id', $site_auth['user_id'] );
		if ( ! $user ) {
			add_filter(
				self::AUTH_ERROR_FILTER_NAME,
				function() {
					return new WP_Error(
						KKART_REST_KKARTCOM_Site_Installer_Errors::USER_NOT_FOUND_CODE,
						KKART_REST_KKARTCOM_Site_Installer_Errors::USER_NOT_FOUND_MESSAGE,
						array( 'status' => KKART_REST_KKARTCOM_Site_Installer_Errors::USER_NOT_FOUND_HTTP_CODE )
					);
				}
			);
			return false;
		}

		return $user;
	}

	/**
	 * Get the authorization header.
	 *
	 * On certain systems and configurations, the Authorization header will be
	 * stripped out by the server or PHP. Typically this is then used to
	 * generate `PHP_AUTH_USER`/`PHP_AUTH_PASS` but not passed on. We use
	 * `getallheaders` here to try and grab it out instead.
	 *
	 * @since 3.7.0
	 * @return string Authorization header if set.
	 */
	protected static function get_authorization_header() {
		if ( ! empty( $_SERVER['HTTP_AUTHORIZATION'] ) ) {
			return wp_unslash( $_SERVER['HTTP_AUTHORIZATION'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
		}

		if ( function_exists( 'getallheaders' ) ) {
			$headers = getallheaders();
			// Check for the authoization header case-insensitively.
			foreach ( $headers as $key => $value ) {
				if ( 'authorization' === strtolower( $key ) ) {
					return $value;
				}
			}
		}

		return '';
	}

	/**
	 * Check if this is a request to KKARTCOM Site REST API.
	 *
	 * @since 3.7.0
	 * @return bool
	 */
	protected static function is_request_to_wccom_site_rest_api() {

		if ( isset( $_REQUEST['rest_route'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
			$route       = wp_unslash( $_REQUEST['rest_route'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Recommended
			$rest_prefix = '';
		} else {
			$route       = wp_unslash( add_query_arg( array() ) );
			$rest_prefix = trailingslashit( rest_get_url_prefix() );
		}

		return false !== strpos( $route, $rest_prefix . 'wccom-site/' );
	}

	/**
	 * Verify Kkart.com request from a given body and signature request.
	 *
	 * @since 3.7.0
	 * @param string $body                Request body.
	 * @param string $signature           Request signature found in X-Woo-Signature header.
	 * @param string $access_token_secret Access token secret for this site.
	 * @return bool
	 */
	protected static function verify_wccom_request( $body, $signature, $access_token_secret ) {
		// phpcs:disable WordPress.Security.ValidatedSanitizedInput.InputNotValidated, WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
		$data = array(
			'host'        => $_SERVER['HTTP_HOST'],
			'request_uri' => urldecode( remove_query_arg( array( 'token', 'signature' ), $_SERVER['REQUEST_URI'] ) ),
			'method'      => strtoupper( $_SERVER['REQUEST_METHOD'] ),
		);
		// phpcs:enable

		if ( ! empty( $body ) ) {
			$data['body'] = $body;
		}

		$expected_signature = hash_hmac( 'sha256', wp_json_encode( $data ), $access_token_secret );

		return hash_equals( $expected_signature, $signature );
	}

	/**
	 * Register wccom-site REST namespace.
	 *
	 * @since 3.7.0
	 * @param array $namespaces List of registered namespaces.
	 * @return array Registered namespaces.
	 */
	public static function register_rest_namespace( $namespaces ) {
		require_once KKART_ABSPATH . 'includes/wccom-site/rest-api/class-kkart-rest-wccom-site-installer-errors.php';
		require_once KKART_ABSPATH . 'includes/wccom-site/rest-api/endpoints/class-kkart-rest-wccom-site-installer-controller.php';

		$namespaces['wccom-site/v1'] = array(
			'installer' => 'KKART_REST_KKARTCOM_Site_Installer_Controller',
		);

		return $namespaces;
	}
}

KKART_KKARTCOM_Site::load();

Youez - 2016 - github.com/yon3zu
LinuXploit