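/**
 * Verifies a caller-supplied secret against the secrets stored for an action
 * and, on success, returns the second stored secret.
 *
 * The stored value is a colon-separated string: secret_1:secret_2:expiry:user_id.
 * The stored secrets are deleted on success and on every failure path once the
 * supplied secret has passed its presence and type checks, except for a missing
 * or malformed state, so a stored secret is effectively single-use.
 *
 * NOTE(review): $action comes straight from $params and is used as the option
 * name for get_option()/delete_option() without a type check or allow-list.
 * Confirm that Jetpack_Options restricts which names can be read or deleted.
 *
 * @param array $params [0] action name, [1] secret to verify, [2] optional state
 *                      (compared against the stored user id).
 * @return mixed The stored secret_2 on success, otherwise the result of
 *               $this->error() wrapping a Jetpack_Error with HTTP status 400.
 */
function verify_action( $params ) {
	// Read positional parameters defensively so a short array does not raise notices.
	$action        = isset( $params[0] ) ? $params[0] : null;
	$verify_secret = isset( $params[1] ) ? $params[1] : null;
	$state         = isset( $params[2] ) ? $params[2] : '';

	// 'authorize' is rejected unconditionally here, which makes the 'authorize'
	// entry in the state check further down unreachable.
	// NOTE(review): confirm this early rejection is intended.
	if ( 'authorize' === $action ) {
		Jetpack_Options::delete_option( $action );
		return $this->error( new Jetpack_Error( 'verify_secrets_expired', 'Verification took too long', 400 ) );
	}

	if ( empty( $verify_secret ) ) {
		return $this->error( new Jetpack_Error( 'verify_secret_1_missing', sprintf( 'The required "%s" parameter is missing.', 'secret_1' ), 400 ) );
	} else if ( ! is_string( $verify_secret ) ) {
		return $this->error( new Jetpack_Error( 'verify_secret_1_malformed', sprintf( 'The required "%s" parameter is malformed.', 'secret_1' ), 400 ) );
	}

	$secrets = Jetpack_Options::get_option( $action );
	if ( ! $secrets || is_wp_error( $secrets ) ) {
		Jetpack_Options::delete_option( $action );
		return $this->error( new Jetpack_Error( 'verify_secrets_missing', 'Verification secrets not found', 400 ) );
	}

	// Pad to four fields instead of suppressing errors with @, so a short
	// stored value yields empty fields that the checks below reject.
	list( $secret_1, $secret_2, $secret_eol, $user_id ) = array_pad( explode( ':', $secrets ), 4, '' );

	if ( empty( $secret_1 ) || empty( $secret_2 ) || empty( $secret_eol ) ) {
		Jetpack_Options::delete_option( $action );
		return $this->error( new Jetpack_Error( 'verify_secrets_incomplete', 'Verification secrets are incomplete', 400 ) );
	}

	// Compare the expiry as an integer: a non-numeric stored value becomes 0 and
	// is treated as expired, whatever the PHP version's string/int comparison rules.
	if ( (int) $secret_eol < time() ) {
		Jetpack_Options::delete_option( $action );
		return $this->error( new Jetpack_Error( 'verify_secrets_expired', 'Verification took too long', 400 ) );
	}

	// hash_equals() expects the known (stored) value first and the
	// user-supplied value second; the comparison itself is timing-safe.
	if ( ! hash_equals( $secret_1, $verify_secret ) ) {
		Jetpack_Options::delete_option( $action );
		return $this->error( new Jetpack_Error( 'verify_secrets_mismatch', 'Secret mismatch', 400 ) );
	}

	if ( in_array( $action, array( 'authorize', 'register' ) ) ) {
		// 'authorize' and 'register' actions additionally bind the secret to the
		// user id stored with it: the supplied state must match that id exactly.
		if ( empty( $state ) ) {
			return $this->error( new Jetpack_Error( 'state_missing', sprintf( 'The required "%s" parameter is missing.', 'state' ), 400 ) );
		} else if ( ! ctype_digit( $state ) ) {
			return $this->error( new Jetpack_Error( 'state_malformed', sprintf( 'The required "%s" parameter is malformed.', 'state' ), 400 ) );
		}

		if ( empty( $user_id ) || $user_id !== $state ) {
			Jetpack_Options::delete_option( $action );
			return $this->error( new Jetpack_Error( 'invalid_state', 'State is invalid', 400 ) );
		}
	}

	// Success: consume the stored secrets so they cannot be replayed.
	Jetpack_Options::delete_option( $action );

	return $secret_2;
}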