Changeset 1120688

Timestamp:

03/25/2015 06:27:57 PM (11 years ago)

Author:

briancolinger

Message:

Adding support for openssl signing.
Bumping the plugin version.

Location:

vaultpress/trunk

Files:

• readme.txt (modified) (2 diffs)
• vaultpress.php (modified) (4 diffs)

vaultpress/trunk/readme.txt

@@ -4 +4 @@
 Requires at least: 2.9.2
 Tested up to: 4.2
-Stable tag: 1.7.0
+Stable tag: 1.7.1
 License: GPLv2
 
@@ -52 +52 @@
 
 == Changelog ==
+= 1.7.1 - 25 Mar 2015 =
+* Added support for openssl signing.
+
 = 1.7.0 - 9 Jan 2015 =
 * Added an option to disable calls to php_uname, as some hosts don't allow them.

vaultpress/trunk/vaultpress.php

@@ -4 +4 @@
  * Plugin URI: http://vaultpress.com/?utm_source=plugin-uri&utm_medium=plugin-description&utm_campaign=1.0
  * Description: Protect your content, themes, plugins, and settings with <strong>realtime backup</strong> and <strong>automated security scanning</strong> from <a href="http://vaultpress.com/?utm_source=wp-admin&amp;utm_medium=plugin-description&amp;utm_campaign=1.0" rel="nofollow">VaultPress</a>. Activate, enter your registration key, and never worry again. <a href="http://vaultpress.com/help/?utm_source=wp-admin&amp;utm_medium=plugin-description&amp;utm_campaign=1.0" rel="nofollow">Need some help?</a>
- * Version: 1.7.0
+ * Version: 1.7.1
  * Author: Automattic
  * Author URI: http://vaultpress.com/?utm_source=author-uri&amp;utm_medium=plugin-description&amp;utm_campaign=1.0
@@ -19 +19 @@
     var $option_name    = 'vaultpress';
     var $db_version     = 4;
-    var $plugin_version = '1.7.0';
+    var $plugin_version = '1.7.1';
 
     function __construct() {
@@ -1822 +1822 @@
         ksort( $post );
         $to_sign = serialize( array( 'uri' => $uri, 'post' => $post ) );
+
+        if ( $this->can_use_openssl() ) {
+            $sslsig = '';
+            if ( isset( $post['sslsig'] ) ) {
+                $sslsig = $post['sslsig'];
+                unset( $post['sslsig'] );
+            }
+            if ( openssl_verify( serialize( array( 'uri' => $uri, 'post' => $post ) ), base64_decode( $sslsig ), $this->get_option( 'public_key' ) ) ) {
+                return true;
+            } else {
+                $__vp_validate_error = array( 'error' => 'invalid_signed_data' );
+                return false;
+            }
+        }
+
         $signature = $this->sign_string( $to_sign, $secret, $sig[1] );
         if ( $sig[0] === $signature )
@@ -1956 +1971 @@
     function sign_string( $string, $secret, $salt ) {
         return hash_hmac( 'sha1', "$string:$salt", $secret );
+    }
+
+    function can_use_openssl() {
+        if ( !function_exists( 'openssl_verify' ) )
+            return false;
+        if ( 1 !== (int) $this->get_option( 'use_openssl_signing' ) )
+            return false;
+        return true;
     }