' ) ); } if ( ! $this->is_active() ) { if ( ! is_protected_endpoint() ) { return new WP_Error( 'non_protected_endpoint', __( 'Error occurred on a non-protected endpoint.' ) ); } if ( ! function_exists( 'wp_generate_password' ) ) { require_once ABSPATH . WPINC . '/pluggable.php'; } return $this->email_service->maybe_send_recovery_mode_email( $this->get_email_rate_limit(), $error, $extension ); } if ( ! $this->store_error( $error ) ) { return new WP_Error( 'storage_error', __( 'Failed to store the error.' ) ); } if ( headers_sent() ) { return true; } $this->redirect_protected(); } /** * Ends the current recovery mode session. * * @since 5.2.0 * * @return bool True on success, false on failure. */ public function exit_recovery_mode() { if ( ! $this->is_active() ) { return false; } $this->email_service->clear_rate_limit(); $this->cookie_service->clear_cookie(); wp_paused_plugins()->delete_all(); wp_paused_themes()->delete_all(); return true; } /** * Handles a request to exit Recovery Mode. * * @since 5.2.0 */ public function handle_exit_recovery_mode() { $redirect_to = wp_get_referer(); // Safety check in case referrer returns false. if ( ! $redirect_to ) { $redirect_to = is_user_logged_in() ? admin_url() : home_url(); } if ( ! $this->is_active() ) { wp_safe_redirect( $redirect_to ); die; } if ( ! isset( $_GET['action'] ) || self::EXIT_ACTION !== $_GET['action'] ) { return; } if ( ! isset( $_GET['_wpnonce'] ) || ! wp_verify_nonce( $_GET['_wpnonce'], self::EXIT_ACTION ) ) { wp_die( __( 'Exit recovery mode link expired.' ), 403 ); } if ( ! $this->exit_recovery_mode() ) { wp_die( __( 'Failed to exit recovery mode. Please try again later.' ) ); } wp_safe_redirect( $redirect_to ); die; } /** * Cleans any recovery mode keys that have expired according to the link TTL. * * Executes on a daily cron schedule. * * @since 5.2.0 */ public function clean_expired_keys() { $this->key_service->clean_expired_keys( $this->get_link_ttl() ); } /** * Handles checking for the recovery mode cookie and validating it. * * @since 5.2.0 */ protected function handle_cookie() { $validated = $this->cookie_service->validate_cookie(); if ( is_wp_error( $validated ) ) { $this->cookie_service->clear_cookie(); $validated->add_data( array( 'status' => 403 ) ); wp_die( $validated ); } $session_id = $this->cookie_service->get_session_id_from_cookie(); if ( is_wp_error( $session_id ) ) { $this->cookie_service->clear_cookie(); $session_id->add_data( array( 'status' => 403 ) ); wp_die( $session_id ); } $this->is_active = true; $this->session_id = $session_id; } /** * Gets the rate limit between sending new recovery mode email links. * * @since 5.2.0 * * @return int Rate limit in seconds. */ protected function get_email_rate_limit() { /** * Filters the rate limit between sending new recovery mode email links. * * @since 5.2.0 * * @param int $rate_limit Time to wait in seconds. Defaults to 1 day. */ return apply_filters( 'recovery_mode_email_rate_limit', DAY_IN_SECONDS ); } /** * Gets the number of seconds the recovery mode link is valid for. * * @since 5.2.0 * * @return int Interval in seconds. */ protected function get_link_ttl() { $rate_limit = $this->get_email_rate_limit(); $valid_for = $rate_limit; /** * Filters the amount of time the recovery mode email link is valid for. * * The ttl must be at least as long as the email rate limit. * * @since 5.2.0 * * @param int $valid_for The number of seconds the link is valid for. */ $valid_for = apply_filters( 'recovery_mode_email_link_ttl', $valid_for ); return max( $valid_for, $rate_limit ); } /** * Gets the extension that the error occurred in. * * @since 5.2.0 * * @global array $wp_theme_directories * * @param array $error Error details from `error_get_last()`. * @return array|false { * Extension details. * * @type string $slug The extension slug. This is the plugin or theme's directory. * @type string $type The extension type. Either 'plugin' or 'theme'. * } */ protected function get_extension_for_error( $error ) { global $wp_theme_directories; if ( ! isset( $error['file'] ) ) { return false; } if ( ! defined( 'WP_PLUGIN_DIR' ) ) { return false; } $error_file = wp_normalize_path( $error['file'] ); $wp_plugin_dir = wp_normalize_path( WP_PLUGIN_DIR ); if ( 0 === strpos( $error_file, $wp_plugin_dir ) ) { $path = str_replace( $wp_plugin_dir . '/', '', $error_file ); $parts = explode( '/', $path ); return array( 'type' => 'plugin', 'slug' => $parts[0], ); } if ( empty( $wp_theme_directories ) ) { return false; } foreach ( $wp_theme_directories as $theme_directory ) { $theme_directory = wp_normalize_path( $theme_directory ); if ( 0 === strpos( $error_file, $theme_directory ) ) { $path = str_replace( $theme_directory . '/', '', $error_file ); $parts = explode( '/', $path ); return array( 'type' => 'theme', 'slug' => $parts[0], ); } } return false; } /** * Checks whether the given extension a network activated plugin. * * @since 5.2.0 * * @param array $extension Extension data. * @return bool True if network plugin, false otherwise. */ protected function is_network_plugin( $extension ) { if ( 'plugin' !== $extension['type'] ) { return false; } if ( ! is_multisite() ) { return false; } $network_plugins = wp_get_active_network_plugins(); foreach ( $network_plugins as $plugin ) { if ( 0 === strpos( $plugin, $extension['slug'] . '/' ) ) { return true; } } return false; } /** * Stores the given error so that the extension causing it is paused. * * @since 5.2.0 * * @param array $error Error details from `error_get_last()`. * @return bool True if the error was stored successfully, false otherwise. */ protected function store_error( $error ) { $extension = $this->get_extension_for_error( $error ); if ( ! $extension ) { return false; } switch ( $extension['type'] ) { case 'plugin': return wp_paused_plugins()->set( $extension['slug'], $error ); case 'theme': return wp_paused_themes()->set( $extension['slug'], $error ); default: return false; } } /** * Redirects the current request to allow recovering multiple errors in one go. * * The redirection will only happen when on a protected endpoint. * * It must be ensured that this method is only called when an error actually occurred and will not occur on the * next request again. Otherwise it will create a redirect loop. * * @since 5.2.0 */ protected function redirect_protected() { // Pluggable is usually loaded after plugins, so we manually include it here for redirection functionality. if ( ! function_exists( 'wp_safe_redirect' ) ) { require_once ABSPATH . WPINC . '/pluggable.php'; } $scheme = is_ssl() ? 'https://' : 'http://'; $url = "{$scheme}{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}"; wp_safe_redirect( $url ); exit; } }