Fix: protect wpcom urls from search and replace (#33412)
bindlegirl authored and matticbot committed Oct 17, 2023
1 parent 6ee15ef commit 35a931f
Showing 9 changed files with 99 additions and 66 deletions.
2 changes: 1 addition & 1 deletion composer.json
@@ -8,7 +8,7 @@
"automattic/jetpack-composer-plugin": "^1.1.14",
"automattic/jetpack-config": "^1.15.4",
"automattic/jetpack-connection": "^1.58.1",
"automattic/jetpack-identity-crisis": "^0.10.7",
"automattic/jetpack-identity-crisis": "^0.11.0-alpha",
"automattic/jetpack-my-jetpack": "^3.8.2",
"automattic/jetpack-search": "^0.39.2",
"automattic/jetpack-stats": "^0.6.6-alpha",
@@ -5,6 +5,13 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [0.11.0-alpha] - unreleased

This is an alpha version! The changes listed here are not final.

### Fixed
- Added search and replace protection for wpcom urls stored in the database.

## [0.10.7] - 2023-10-16
### Changed
- Updated package dependencies. [#33429]
@@ -421,6 +428,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Updated package dependencies.
- Use Connection/Urls for home_url and site_url functions migrated from Sync.

[0.11.0-alpha]: https://github.com/Automattic/jetpack-identity-crisis/compare/v0.10.7...v0.11.0-alpha
[0.10.7]: https://github.com/Automattic/jetpack-identity-crisis/compare/v0.10.6...v0.10.7
[0.10.6]: https://github.com/Automattic/jetpack-identity-crisis/compare/v0.10.5...v0.10.6
[0.10.5]: https://github.com/Automattic/jetpack-identity-crisis/compare/v0.10.4...v0.10.5
@@ -56,7 +56,7 @@
"link-template": "https://github.com/Automattic/jetpack-identity-crisis/compare/v${old}...v${new}"
},
"branch-alias": {
"dev-trunk": "0.10.x-dev"
"dev-trunk": "0.11.x-dev"
}
},
"config": {
@@ -27,7 +27,7 @@ class Identity_Crisis {
/**
* Package Version
*/
const PACKAGE_VERSION = '0.10.7';
const PACKAGE_VERSION = '0.11.0-alpha';

/**
* Instance of the object.
@@ -88,6 +88,8 @@ private function __construct() {

add_filter( 'jetpack_connection_validate_urls_for_idc_mitigation_response', array( static::class, 'add_secret_to_url_validation_response' ) );

add_filter( 'jetpack_options', array( static::class, 'reverse_wpcom_urls_for_idc' ) );

$urls_in_crisis = self::check_identity_crisis();
if ( false === $urls_in_crisis ) {
return;
@@ -285,7 +287,6 @@ public static function check_identity_crisis() {
if ( ! $connection->is_connected() || ( new Status() )->is_offline_mode() || ! self::validate_sync_error_idc_option() ) {
return false;
}

return Jetpack_Options::get_option( 'sync_error_idc' );
}

@@ -336,7 +337,7 @@ public function check_response_for_idc( $response ) {
);

if ( in_array( $error_code, $allowed_idc_error_codes, true ) ) {
\Jetpack_Options::update_option(
Jetpack_Options::update_option(
'sync_error_idc',
self::get_sync_error_idc_option( $response )
);
@@ -437,6 +438,24 @@ public static function validate_sync_error_idc_option() {
return $is_valid;
}

/**
* Reverses WP.com URLs stored in sync_error_idc option.
*
* @param array $sync_error error option containing reversed URLs.
* @return array
*/
public static function reverse_wpcom_urls_for_idc( $sync_error ) {
if ( isset( $sync_error['reversed_url'] ) ) {
if ( array_key_exists( 'wpcom_siteurl', $sync_error ) ) {
$sync_error['wpcom_siteurl'] = strrev( $sync_error['wpcom_siteurl'] );
}
if ( array_key_exists( 'wpcom_home', $sync_error ) ) {
$sync_error['wpcom_home'] = strrev( $sync_error['wpcom_home'] );
}
}
return $sync_error;
}

/**
* Normalizes a url by doing three things:
* - Strips protocol
@@ -506,6 +525,12 @@ public static function get_sync_error_idc_option( $response = array() ) {

$returned_values[ $key ] = $normalized_url;
}
// We need to protect WPCOM URLs from search & replace by reversing them. See https://wp.me/pf5801-3R
// Add 'reversed_url' key for backward compatibility
if ( array_key_exists( 'wpcom_home', $returned_values ) && array_key_exists( 'wpcom_siteurl', $returned_values ) ) {
$returned_values['reversed_url'] = true;
$returned_values = self::reverse_wpcom_urls_for_idc( $returned_values );
}

return $returned_values;
}
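Review bot: `reverse_wpcom_urls_for_idc()` serves as both encoder (called from `get_sync_error_idc_option()`, which begins outside its hunk) and decoder (the new `jetpack_options` filter in `__construct()`), and it leaves `reversed_url` set in both directions, so nothing in the array says which state the URLs are in. A value that passes through the helper twice, for example one read through the filter and then written back, would have `wpcom_home` and `wpcom_siteurl` flipped again, and the IDC comparison would then run on garbled URLs. The filter callback is registered with the default single argument, so it acts on any filtered value that carries a `reversed_url` key, and `array_key_exists()` lets a null or non-string entry reach `strrev()`. I would guard each entry with `if ( isset( $sync_error['wpcom_siteurl'] ) && is_string( $sync_error['wpcom_siteurl'] ) ) {` (the same for `wpcom_home`) and, if the filter supplies the option name (not visible on this page), register with two accepted arguments and return early unless it is `sync_error_idc`. The docblock should also state that the function is its own inverse and that reversal only shields the stored URLs from search-and-replace; it is not a confidentiality or integrity control.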
2 changes: 1 addition & 1 deletion jetpack_vendor/automattic/jetpack-sync/composer.json
@@ -6,7 +6,7 @@
"require": {
"automattic/jetpack-connection": "^1.58.1",
"automattic/jetpack-constants": "^1.6.23",
"automattic/jetpack-identity-crisis": "^0.10.7",
"automattic/jetpack-identity-crisis": "^0.11.0-alpha",
"automattic/jetpack-password-checker": "^0.2.14",
"automattic/jetpack-ip": "^0.1.6",
"automattic/jetpack-roles": "^1.4.25",
2 changes: 1 addition & 1 deletion jetpack_vendor/i18n-map.php
@@ -22,7 +22,7 @@
),
'jetpack-idc' => array(
'path' => 'jetpack_vendor/automattic/jetpack-identity-crisis',
'ver' => '0.10.7',
'ver' => '0.11.0-alpha1697517507',
),
'jetpack-ip' => array(
'path' => 'jetpack_vendor/automattic/jetpack-ip',
56 changes: 28 additions & 28 deletions vendor/composer/installed.json
@@ -7,7 +7,7 @@
"dist": {
"type": "path",
"url": "/tmp/jetpack-build/Automattic/jetpack-a8c-mc-stats",
"reference": "8eed116e17cb5ccf69d7574dda09615dcd5c7a1d"
"reference": "bee2fa24cbd6e4a899d5affebd05060b76856148"
},
"require-dev": {
"automattic/jetpack-changelogger": "^3.3.11",
@@ -57,7 +57,7 @@
"dist": {
"type": "path",
"url": "/tmp/jetpack-build/Automattic/jetpack-admin-ui",
"reference": "df9c059d5bc488b68a8073af69782ec5c563fb7c"
"reference": "0d213c3e26244ef13d7b101d5c3ae1d999ae9d5e"
},
"require-dev": {
"automattic/jetpack-changelogger": "^3.3.11",
@@ -119,7 +119,7 @@
"dist": {
"type": "path",
"url": "/tmp/jetpack-build/Automattic/jetpack-assets",
"reference": "a1235a3f22cfa0d5555d71c4cb020172ab03e704"
"reference": "45f8e8ec8de2aefc60151b3fd0a8b842349c34a3"
},
"require": {
"automattic/jetpack-constants": "^1.6.23"
@@ -187,7 +187,7 @@
"dist": {
"type": "path",
"url": "/tmp/jetpack-build/Automattic/jetpack-autoloader",
"reference": "88c2cde217bfbd779a7fe0c547e54a622e901f8a"
"reference": "e4b7c1b4b21df8b4afc9130db63dd467755c0118"
},
"require": {
"composer-plugin-api": "^1.1 || ^2.0"
@@ -252,7 +252,7 @@
"dist": {
"type": "path",
"url": "/tmp/jetpack-build/Automattic/jetpack-composer-plugin",
"reference": "90c2e7810852b5bcff653d778120a6269b02953a"
"reference": "04cdf376065b6f23412079d4f31573b8fca243a8"
},
"require": {
"composer-plugin-api": "^2.1.0"
@@ -311,7 +311,7 @@
"dist": {
"type": "path",
"url": "/tmp/jetpack-build/Automattic/jetpack-config",
"reference": "6540e9893fb75c32a8f6da6d23a837751bc1cfef"
"reference": "da53edb60adb75e5e2c837fb61d14847c1d9e42f"
},
"require-dev": {
"automattic/jetpack-changelogger": "^3.3.11"
@@ -353,7 +353,7 @@
"dist": {
"type": "path",
"url": "/tmp/jetpack-build/Automattic/jetpack-connection",
"reference": "e4fee2782ded01a85fd10ec799273b3be93f2eb8"
"reference": "49a3815340c33aa6cd62588b07ffebf586f36cb1"
},
"require": {
"automattic/jetpack-a8c-mc-stats": "^1.4.22",
@@ -431,7 +431,7 @@
"dist": {
"type": "path",
"url": "/tmp/jetpack-build/Automattic/jetpack-constants",
"reference": "0bb7aec82bf6b1d84ea7b37887514f832e8b1b07"
"reference": "c63df0125a5be9b9706e1be8377b51667db46920"
},
"require-dev": {
"automattic/jetpack-changelogger": "^3.3.11",
@@ -482,7 +482,7 @@
"dist": {
"type": "path",
"url": "/tmp/jetpack-build/Automattic/jetpack-device-detection",
"reference": "dfa3f87cafe1840b440a5201ea1df790a56780f5"
"reference": "3f909cf0998f51bef4732c57b63043022e1a232e"
},
"require-dev": {
"automattic/jetpack-changelogger": "^3.3.11",
@@ -527,12 +527,12 @@
},
{
"name": "automattic/jetpack-identity-crisis",
"version": "0.10.7",
"version_normalized": "0.10.7.0",
"version": "0.11.0-alpha.1697517507",
"version_normalized": "0.11.0.0-alpha1697517507",
"dist": {
"type": "path",
"url": "/tmp/jetpack-build/Automattic/jetpack-identity-crisis",
"reference": "9143ed164ccf7890bcffd62f073608d512621d4a"
"reference": "acbf3dccd5c4a255a180c83f3da1187b00186b5b"
},
"require": {
"automattic/jetpack-assets": "^1.18.12",
@@ -561,7 +561,7 @@
"link-template": "https://github.com/Automattic/jetpack-identity-crisis/compare/v${old}...v${new}"
},
"branch-alias": {
"dev-trunk": "0.10.x-dev"
"dev-trunk": "0.11.x-dev"
}
},
"installation-source": "dist",
@@ -610,7 +610,7 @@
"dist": {
"type": "path",
"url": "/tmp/jetpack-build/Automattic/jetpack-ip",
"reference": "84342067928ee057058f25fcc1898bb9bbd5b740"
"reference": "9f3f4cebdbbbaea232d39f2a8ad3bef7f8559d0f"
},
"require-dev": {
"automattic/jetpack-changelogger": "^3.3.11",
@@ -665,7 +665,7 @@
"dist": {
"type": "path",
"url": "/tmp/jetpack-build/Automattic/jetpack-jitm",
"reference": "2e73780b5c182d95d4942f8cce82729ad11b0692"
"reference": "50c6b39908d910e5566f881ea1bdffef7d22895a"
},
"require": {
"automattic/jetpack-a8c-mc-stats": "^1.4.22",
@@ -740,7 +740,7 @@
"dist": {
"type": "path",
"url": "/tmp/jetpack-build/Automattic/jetpack-licensing",
"reference": "31ec9f47a1faf384cd207296bf1bbee222ed58f1"
"reference": "54ab70208732b2759868abffb83aa5940ae77ff3"
},
"require": {
"automattic/jetpack-connection": "^1.58.1"
@@ -801,7 +801,7 @@
"dist": {
"type": "path",
"url": "/tmp/jetpack-build/Automattic/jetpack-logo",
"reference": "26670e1eedf0098b0ebd4aa46e528e43a5d9531a"
"reference": "2650f99c13b50bfd34c6962f7788444fefbbaab1"
},
"require-dev": {
"automattic/jetpack-changelogger": "^3.3.11",
@@ -851,7 +851,7 @@
"dist": {
"type": "path",
"url": "/tmp/jetpack-build/Automattic/jetpack-my-jetpack",
"reference": "24f1d85192c7c4aaf67b83beee3a649ec5a642cc"
"reference": "1ce73bf5d11e8b96eaef4058d96615a9cbe5bfb8"
},
"require": {
"automattic/jetpack-admin-ui": "^0.2.23",
@@ -941,7 +941,7 @@
"dist": {
"type": "path",
"url": "/tmp/jetpack-build/Automattic/jetpack-partner",
"reference": "9e27f201670e38257c259dca5d8552dd59bea1f3"
"reference": "11fcf6f40c64bce76bdc4d281173ab95ba833210"
},
"require": {
"automattic/jetpack-connection": "^1.58.1",
@@ -1003,7 +1003,7 @@
"dist": {
"type": "path",
"url": "/tmp/jetpack-build/Automattic/jetpack-password-checker",
"reference": "79bf7f934594515d90c0d1eae9d3476ac06f38a9"
"reference": "4ed4c8795514bff4129a07fce0a9f0a3d0386edf"
},
"require-dev": {
"automattic/jetpack-changelogger": "^3.3.11",
@@ -1061,7 +1061,7 @@
"dist": {
"type": "path",
"url": "/tmp/jetpack-build/Automattic/jetpack-plugins-installer",
"reference": "c693f30e25024075f63891a2228d1695f432894c"
"reference": "b70e7b2c95de086c00d3b7cb6a780196bd618c6e"
},
"require": {
"automattic/jetpack-a8c-mc-stats": "^1.4.22"
@@ -1115,7 +1115,7 @@
"dist": {
"type": "path",
"url": "/tmp/jetpack-build/Automattic/jetpack-redirect",
"reference": "c51ec7a0fc4977c84b6205ca3d094fb864a544bd"
"reference": "453ca4247e174225e3b1d6eaa002e82bb8bc5a0e"
},
"require": {
"automattic/jetpack-status": "^1.18.5"
@@ -1169,7 +1169,7 @@
"dist": {
"type": "path",
"url": "/tmp/jetpack-build/Automattic/jetpack-roles",
"reference": "080f4759c25550f71e7eed310371544d719590ca"
"reference": "098721395e7a9fb82e0e19768f35baecf02858ff"
},
"require-dev": {
"automattic/jetpack-changelogger": "^3.3.11",
@@ -1220,7 +1220,7 @@
"dist": {
"type": "path",
"url": "/tmp/jetpack-build/Automattic/jetpack-search",
"reference": "0c0229a33586b63ce71c1c36b41c4b8a3be5ac83"
"reference": "b3b242f5d5bb5c49fe06681852f3bee2da86a940"
},
"require": {
"automattic/jetpack-assets": "^1.18.12",
@@ -1306,7 +1306,7 @@
"dist": {
"type": "path",
"url": "/tmp/jetpack-build/Automattic/jetpack-stats",
"reference": "5ef3ee88e94c5da9903868998195e36e639d3d44"
"reference": "137087c1969eaa620d7067341d12cf7ae8e4fe08"
},
"require": {
"automattic/jetpack-assets": "^1.18.12",
@@ -1370,7 +1370,7 @@
"dist": {
"type": "path",
"url": "/tmp/jetpack-build/Automattic/jetpack-status",
"reference": "63aa7eb25b4d888860a1e0072fcf13b1e1686d96"
"reference": "f4139bdbe31393771345a00b30a0252a234d891a"
},
"require": {
"automattic/jetpack-constants": "^1.6.23"
@@ -1425,12 +1425,12 @@
"dist": {
"type": "path",
"url": "/tmp/jetpack-build/Automattic/jetpack-sync",
"reference": "bf3d91021a9607da0410701b60ecabc2beef93de"
"reference": "eae31fd7b5ec9b572b1d5acf5d176531acb5420c"
},
"require": {
"automattic/jetpack-connection": "^1.58.1",
"automattic/jetpack-constants": "^1.6.23",
"automattic/jetpack-identity-crisis": "^0.10.7",
"automattic/jetpack-identity-crisis": "^0.11.0-alpha",
"automattic/jetpack-ip": "^0.1.6",
"automattic/jetpack-password-checker": "^0.2.14",
"automattic/jetpack-roles": "^1.4.25",