Jetpack_Client

The WordPress Core Jetpack Client class.

Defined (1)

The class is defined in the following location(s).

/class.jetpack-client.php  
  1. class Jetpack_Client { 
  2.     const WPCOM_JSON_API_VERSION = '1.1'; 
  3.  
  4.     /** 
  5.      * Makes an authorized remote request using Jetpack_Signature 
  7.      * @return array|WP_Error WP HTTP response on success 
  8.      */ 
  9.     public static function remote_request( $args, $body = null ) { 
  10.         $defaults = array( 
  11.             'url' => '',  
  12.             'user_id' => 0,  
  13.             'blog_id' => 0,  
  14.             'auth_location' => JETPACK_CLIENT__AUTH_LOCATION,  
  15.             'method' => 'POST',  
  16.             'timeout' => 10,  
  17.             'redirection' => 0,  
  18.             'headers' => array(),  
  19.             'stream' => false,  
  20.             'filename' => null,  
  21.             'sslverify' => true,  
  22.  ); 
  23.  
  24.         $args = wp_parse_args( $args, $defaults ); 
  25.  
  26.         $args['blog_id'] = (int) $args['blog_id']; 
  27.  
  28.         if ( 'header' != $args['auth_location'] ) { 
  29.             $args['auth_location'] = 'query_string'; 
  31.  
  32.         $token = Jetpack_Data::get_access_token( $args['user_id'] ); 
  33.         if ( !$token ) { 
  34.             return new Jetpack_Error( 'missing_token' ); 
  36.  
  37.         $method = strtoupper( $args['method'] ); 
  38.  
  39.         $timeout = intval( $args['timeout'] ); 
  40.  
  41.         $redirection = $args['redirection']; 
  42.         $stream = $args['stream']; 
  43.         $filename = $args['filename']; 
  44.         $sslverify = $args['sslverify']; 
  45.  
  46.         $request = compact( 'method', 'body', 'timeout', 'redirection', 'stream', 'filename', 'sslverify' ); 
  47.  
  48.         @list( $token_key, $secret ) = explode( '.', $token->secret ); 
  49.         if ( empty( $token ) || empty( $secret ) ) { 
  50.             return new Jetpack_Error( 'malformed_token' ); 
  52.  
  53.         $token_key = sprintf( '%s:%d:%d', $token_key, JETPACK__API_VERSION, $token->external_user_id ); 
  54.  
  55.         require_once JETPACK__PLUGIN_DIR . 'class.jetpack-signature.php'; 
  56.  
  57.         $time_diff = (int) Jetpack_Options::get_option( 'time_diff' ); 
  58.         $jetpack_signature = new Jetpack_Signature( $token->secret, $time_diff ); 
  59.  
  60.         $timestamp = time() + $time_diff; 
  61.  
  62.         if( function_exists( 'wp_generate_password' ) ) { 
  63.             $nonce = wp_generate_password( 10, false ); 
  64.         } else { 
  65.             $nonce = substr( sha1( rand( 0, 1000000 ) ), 0, 10); 
  67.  
  68.         // Kind of annoying.  Maybe refactor Jetpack_Signature to handle body-hashing 
  69.         if ( is_null( $body ) ) { 
  70.             $body_hash = ''; 
  71.  
  72.         } else { 
  73.             // Allow arrays to be used in passing data. 
  74.             $body_to_hash = $body; 
  75.  
  76.             if ( is_array( $body ) ) { 
  77.                 // We cast this to a new variable, because the array form of $body needs to be 
  78.                 // maintained so it can be passed into the request later on in the code. 
  79.                 if ( count( $body ) > 0 ) { 
  80.                     $body_to_hash = json_encode( self::_stringify_data( $body ) ); 
  81.                 } else { 
  82.                     $body_to_hash = ''; 
  85.  
  86.             if ( ! is_string( $body_to_hash ) ) { 
  87.                 return new Jetpack_Error( 'invalid_body', 'Body is malformed.' ); 
  89.  
  90.             $body_hash = jetpack_sha1_base64( $body_to_hash ); 
  92.  
  93.         $auth = array( 
  94.             'token' => $token_key,  
  95.             'timestamp' => $timestamp,  
  96.             'nonce' => $nonce,  
  97.             'body-hash' => $body_hash,  
  98.  ); 
  99.  
  100.         if ( false !== strpos( $args['url'], 'xmlrpc.php' ) ) { 
  101.             $url_args = array( 
  102.                 'for' => 'jetpack',  
  103.                 'wpcom_blog_id' => Jetpack_Options::get_option( 'id' ),  
  104.  ); 
  105.         } else { 
  106.             $url_args = array(); 
  108.  
  109.         if ( 'header' != $args['auth_location'] ) { 
  110.             $url_args += $auth; 
  112.  
  113.         $url = add_query_arg( urlencode_deep( $url_args ), $args['url'] ); 
  114.         $url = Jetpack::fix_url_for_bad_hosts( $url ); 
  115.  
  116.         $signature = $jetpack_signature->sign_request( $token_key, $timestamp, $nonce, $body_hash, $method, $url, $body, false ); 
  117.  
  118.         if ( !$signature || is_wp_error( $signature ) ) { 
  119.             return $signature; 
  121.  
  122.         // Send an Authorization header so various caches/proxies do the right thing 
  123.         $auth['signature'] = $signature; 
  124.         $auth['version'] = JETPACK__VERSION; 
  125.         $header_pieces = array(); 
  126.         foreach ( $auth as $key => $value ) { 
  127.             $header_pieces[] = sprintf( '%s="%s"', $key, $value ); 
  129.         $request['headers'] = array_merge( $args['headers'], array( 
  130.             'Authorization' => "X_JETPACK " . join( ' ', $header_pieces ),  
  131.  ) ); 
  132.  
  133.         $host = parse_url( $url, PHP_URL_HOST ); 
  134.  
  135.         // If we have a JETPACK__WPCOM_JSON_API_HOST_HEADER set, then let's use 
  136.         // that, otherwise, let's fallback to the standard. 
  137.         if ( defined( 'JETPACK__WPCOM_JSON_API_HOST_HEADER' ) && JETPACK__WPCOM_JSON_API_HOST_HEADER ) { 
  138.             $request['headers']['Host'] = JETPACK__WPCOM_JSON_API_HOST_HEADER; 
  139.  
  140.         } elseif ( $host === JETPACK__WPCOM_JSON_API_HOST ) { 
  141.             $request['headers']['Host'] = 'public-api.wordpress.com'; 
  143.  
  144.         if ( 'header' != $args['auth_location'] ) { 
  145.             $url = add_query_arg( 'signature', urlencode( $signature ), $url ); 
  147.  
  148.         return Jetpack_Client::_wp_remote_request( $url, $request ); 
  150.  
  151.     /** 
  152.      * Wrapper for wp_remote_request().  Turns off SSL verification for certain SSL errors. 
  153.      * This is lame, but many, many, many hosts have misconfigured SSL. 
  155.      * When Jetpack is registered, the jetpack_fallback_no_verify_ssl_certs option is set to the current time if: 
  156.      * 1. a certificate error is found AND 
  157.      * 2. not verifying the certificate works around the problem. 
  159.      * The option is checked on each request. 
  161.      * @internal 
  162.      * @see Jetpack::fix_url_for_bad_hosts() 
  164.      * @return array|WP_Error WP HTTP response on success 
  165.      */ 
  166.     public static function _wp_remote_request( $url, $args, $set_fallback = false ) { 
  167.         /** 
  168.          * SSL verification (`sslverify`) for the JetpackClient remote request 
  169.          * defaults to off, use this filter to force it on. 
  171.          * Return `true` to ENABLE SSL verification, return `false` 
  172.          * to DISABLE SSL verification. 
  174.          * @since 3.6.0 
  176.          * @param bool Whether to force `sslverify` or not. 
  177.          */ 
  178.         if ( apply_filters( 'jetpack_client_verify_ssl_certs', false ) ) { 
  179.             return wp_remote_request( $url, $args ); 
  181.  
  182.         $fallback = Jetpack_Options::get_option( 'fallback_no_verify_ssl_certs' ); 
  183.         if ( false === $fallback ) { 
  184.             Jetpack_Options::update_option( 'fallback_no_verify_ssl_certs', 0 ); 
  186.  
  187.         if ( (int) $fallback ) { 
  188.             // We're flagged to fallback 
  189.             $args['sslverify'] = false; 
  191.  
  192.         $response = wp_remote_request( $url, $args ); 
  193.  
  194.         if ( 
  195.             !$set_fallback                                     // We're not allowed to set the flag on this request, so whatever happens happens 
  196.         || 
  197.             isset( $args['sslverify'] ) && !$args['sslverify'] // No verification - no point in doing it again 
  198.         || 
  199.             !is_wp_error( $response )                          // Let it ride 
  200.  ) { 
  201.             Jetpack_Client::set_time_diff( $response, $set_fallback ); 
  202.             return $response; 
  204.  
  205.         // At this point, we're not flagged to fallback and we are allowed to set the flag on this request. 
  206.  
  207.         $message = $response->get_error_message(); 
  208.  
  209.         // Is it an SSL Certificate verification error? 
  210.         if ( 
  211.             false === strpos( $message, '14090086' ) // OpenSSL SSL3 certificate error 
  212.         && 
  213.             false === strpos( $message, '1407E086' ) // OpenSSL SSL2 certificate error 
  214.         && 
  215.             false === strpos( $message, 'error setting certificate verify locations' ) // cURL CA bundle not found 
  216.         && 
  217.             false === strpos( $message, 'Peer certificate cannot be authenticated with' ) // cURL CURLE_SSL_CACERT: CA bundle found, but not helpful 
  218.                                                                                           // different versions of curl have different error messages 
  219.                                                                                           // this string should catch them all 
  220.         && 
  221.             false === strpos( $message, 'Problem with the SSL CA cert' ) // cURL CURLE_SSL_CACERT_BADFILE: probably access rights 
  222.  ) { 
  223.             // No, it is not. 
  224.             return $response; 
  226.  
  227.         // Redo the request without SSL certificate verification. 
  228.         $args['sslverify'] = false; 
  229.         $response = wp_remote_request( $url, $args ); 
  230.  
  231.         if ( !is_wp_error( $response ) ) { 
  232.             // The request went through this time, flag for future fallbacks 
  233.             Jetpack_Options::update_option( 'fallback_no_verify_ssl_certs', time() ); 
  234.             Jetpack_Client::set_time_diff( $response, $set_fallback ); 
  236.  
  237.         return $response; 
  239.  
  240.     public static function set_time_diff( &$response, $force_set = false ) { 
  241.         $code = wp_remote_retrieve_response_code( $response ); 
  242.  
  243.         // Only trust the Date header on some responses 
  244.         if ( 200 != $code && 304 != $code && 400 != $code && 401 != $code ) { 
  245.             return; 
  247.  
  248.         if ( !$date = wp_remote_retrieve_header( $response, 'date' ) ) { 
  249.             return; 
  251.  
  252.         if ( 0 >= $time = (int) strtotime( $date ) ) { 
  253.             return; 
  255.  
  256.         $time_diff = $time - time(); 
  257.  
  258.         if ( $force_set ) { // during register 
  259.             Jetpack_Options::update_option( 'time_diff', $time_diff ); 
  260.         } else { // otherwise 
  261.             $old_diff = Jetpack_Options::get_option( 'time_diff' ); 
  262.             if ( false === $old_diff || abs( $time_diff - (int) $old_diff ) > 10 ) { 
  263.                 Jetpack_Options::update_option( 'time_diff', $time_diff ); 
  267.  
  268.     /** 
  269.      * Query the WordPress.com REST API using the blog token 
  271.      * @param string  $path 
  272.      * @param string  $version 
  273.      * @param array   $args 
  274.      * @param string  $body 
  275.      * @return array|WP_Error $response Data. 
  276.      */ 
  277.     static function wpcom_json_api_request_as_blog( $path, $version = self::WPCOM_JSON_API_VERSION, $args = array(), $body = null ) { 
  278.         $filtered_args = array_intersect_key( $args, array( 
  279.             'method' => 'string',  
  280.             'timeout' => 'int',  
  281.             'redirection' => 'int',  
  282.             'stream' => 'boolean',  
  283.             'filename' => 'string',  
  284.             'sslverify' => 'boolean',  
  285.  ) ); 
  286.  
  287.         /** 
  288.          * Determines whether Jetpack can send outbound https requests to the WPCOM api. 
  290.          * @since 3.6.0 
  292.          * @param bool $proto Defaults to true. 
  293.          */ 
  294.         $proto = apply_filters( 'jetpack_can_make_outbound_https', true ) ? 'https' : 'http'; 
  295.  
  296.         // unprecedingslashit 
  297.         $_path = preg_replace( '/^\//', '', $path ); 
  298.  
  299.         // Use GET by default whereas `remote_request` uses POST 
  300.         $request_method = ( isset( $filtered_args['method'] ) ) ? $filtered_args['method'] : 'GET'; 
  301.  
  302.         $validated_args = array_merge( $filtered_args, array( 
  303.             'url' => sprintf( '%s://%s/rest/v%s/%s', $proto, JETPACK__WPCOM_JSON_API_HOST, $version, $_path ),  
  304.             'blog_id' => (int) Jetpack_Options::get_option( 'id' ),  
  305.             'method' => $request_method,  
  306.  ) ); 
  307.  
  308.         return Jetpack_Client::remote_request( $validated_args, $body ); 
  310.  
  311.     /** 
  312.      * Takes an array or similar structure and recursively turns all values into strings. This is used to 
  313.      * make sure that body hashes are made ith the string version, which is what will be seen after a 
  314.      * server pulls up the data in the $_POST array. 
  316.      * @param array|mixed $data 
  318.      * @return array|string 
  319.      */ 
  320.     public static function _stringify_data( $data ) { 
  321.  
  322.         // Booleans are special, lets just makes them and explicit 1/0 instead of the 0 being an empty string. 
  323.         if ( is_bool( $data ) ) { 
  324.             return $data ? "1" : "0"; 
  326.  
  327.         // Cast objects into arrays. 
  328.         if ( is_object( $data ) ) { 
  329.             $data = (array) $data; 
  331.  
  332.         // Non arrays at this point should be just converted to strings. 
  333.         if ( ! is_array( $data ) ) { 
  334.             return (string)$data; 
  336.  
  337.         foreach ( $data as $key => &$value ) { 
  338.             $value = self::_stringify_data( $value ); 
  340.  
  341.         return $data;