CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
wp_hash example
function wp_get_unapproved_comment_author_email() {
$commenter_email = '';
if ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) ) {
$comment_id = (int) $_GET['unapproved'];
$comment = get_comment( $comment_id );
if ( $comment && hash_equals( $_GET['moderation-hash'], wp_hash( $comment->comment_date_gmt ) ) ) {
// The comment will only be viewable by the comment author for 10 minutes. $comment_preview_expires = strtotime( $comment->comment_date_gmt . '+10 minutes' );
if ( time() < $comment_preview_expires ) {
$commenter_email = $comment->comment_author_email;
}
}
}
if ( ! $commenter_email ) {
$commenter = wp_get_current_commenter();
if ( isset( $request['number'] ) && is_numeric( $request['number'] ) ) {
$widget_object->_set( (int) $request['number'] );
} else {
$widget_object->_set( -1 );
}
if ( isset( $request['instance']['encoded'], $request['instance']['hash'] ) ) {
$serialized_instance = base64_decode( $request['instance']['encoded'] );
if ( ! hash_equals( wp_hash( $serialized_instance ), $request['instance']['hash'] ) ) {
return new WP_Error(
'rest_invalid_widget',
__( 'The provided instance is malformed.' ),
array( 'status' => 400 )
);
}
$instance = unserialize( $serialized_instance );
} else {
$instance = array();
}
public function hash_nav_menu_args( $args ) {
return wp_hash( serialize( $args ) );
}
/** * Enqueues scripts for the Customizer preview. * * @since 4.3.0 */
public function customize_preview_enqueue_deps() {
wp_enqueue_script( 'customize-preview-nav-menus' ); // Note that we have overridden this. }
$id_base = $attributes['idBase'];
$widget_key = $wp_widget_factory->get_widget_key( $id_base );
$widget_object = $wp_widget_factory->get_widget_object( $id_base );
if ( ! $widget_key || ! $widget_object ) {
return '';
}
if ( isset( $attributes['instance']['encoded'], $attributes['instance']['hash'] ) ) {
$serialized_instance = base64_decode( $attributes['instance']['encoded'] );
if ( ! hash_equals( wp_hash( $serialized_instance ), (string) $attributes['instance']['hash'] ) ) {
return '';
}
$instance = unserialize( $serialized_instance );
} else {
$instance = array();
}
$args = array(
'widget_id' => $widget_object->id,
'widget_name' => $widget_object->name,
);
$widget_key = $wp_widget_factory->get_widget_key( $id_base );
$widget_object = $wp_widget_factory->get_widget_object( $id_base );
if ( ! $widget_key || ! $widget_object ) {
return '';
}
if ( isset( $attributes['instance']['encoded'], $attributes['instance']['hash'] ) ) {
$serialized_instance = base64_decode( $attributes['instance']['encoded'] );
if ( ! hash_equals( wp_hash( $serialized_instance ), (string) $attributes['instance']['hash'] ) ) {
return '';
}
$instance = unserialize( $serialized_instance );
} else {
$instance = array();
}
$args = array(
'widget_id' => $widget_object->id,
'widget_name' => $widget_object->name,
);
do_action( 'auth_cookie_bad_username', $cookie_elements );
return false;
}
$pass_frag = substr( $user->user_pass, 8, 4 );
$key = wp_hash( $username . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme );
// If ext/hash is not present, compat.php's hash_hmac() does not support sha256. $algo = function_exists( 'hash' ) ? 'sha256' : 'sha1';
$hash = hash_hmac( $algo, $username . '|' . $expiration . '|' . $token, $key );
if ( ! hash_equals( $hash, $hmac ) ) {
/** * Fires if a bad authentication cookie hash is encountered. * * @since 2.7.0 * * @param string[] $cookie_elements { * Authentication cookie components. None of the components should be assumed * to be valid as they come directly from a client-provided cookie value. * * @type string $username User's username. * @type string $expiration The time the cookie expires as a UNIX timestamp. * @type string $token User's session token used. * @type string $hmac The security hash for the cookie. * @type string $scheme The cookie scheme to use. * } */
do_action( 'set_comment_cookies', $comment, $user, $cookies_consent );
$location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID;
// If user didn't consent to cookies, add specific query arguments to display the awaiting moderation message. if ( ! $cookies_consent && 'unapproved' === wp_get_comment_status( $comment ) && ! empty( $comment->comment_author_email ) ) {
$location = add_query_arg(
array(
'unapproved' => $comment->comment_ID,
'moderation-hash' => wp_hash( $comment->comment_date_gmt ),
),
$location
);
}
/** * Filters the location URI to send the commenter after posting. * * @since 2.0.5 * * @param string $location The 'redirect_to' URI sent via $_POST. * @param WP_Comment $comment Comment object. */
if ( isset( $request['instance']['raw'] ) ) {
if ( empty( $widget_object->widget_options['show_instance_in_rest'] ) ) {
return new WP_Error(
'rest_invalid_widget',
__( 'Widget type does not support raw instances.' ),
array( 'status' => 400 )
);
}
$instance = $request['instance']['raw'];
} elseif ( isset( $request['instance']['encoded'], $request['instance']['hash'] ) ) {
$serialized_instance = base64_decode( $request['instance']['encoded'] );
if ( ! hash_equals( wp_hash( $serialized_instance ), $request['instance']['hash'] ) ) {
return new WP_Error(
'rest_invalid_widget',
__( 'The provided instance is malformed.' ),
array( 'status' => 400 )
);
}
$instance = unserialize( $serialized_instance );
} else {
return new WP_Error(
'rest_invalid_widget',
__( 'The provided instance is invalid. Must contain raw OR encoded and hash.' ),
if ( empty( $widget_object->widget_options['show_instance_in_rest'] ) ) {
return new WP_Error(
'rest_invalid_widget',
__( 'Widget type does not support raw instances.' ),
array( 'status' => 400 )
);
}
$instance = $request['instance']['raw'];
} elseif ( isset( $request['instance']['encoded'], $request['instance']['hash'] ) ) {
$serialized_instance = base64_decode( $request['instance']['encoded'] );
if ( ! hash_equals( wp_hash( $serialized_instance ), $request['instance']['hash'] ) ) {
return new WP_Error(
'rest_invalid_widget',
__( 'The provided instance is malformed.' ),
array( 'status' => 400 )
);
}
$instance = unserialize( $serialized_instance );
} else {
return new WP_Error(
'rest_invalid_widget',
__( 'The provided instance is invalid. Must contain raw OR encoded and hash.' ),
protected function get_instance_hash_key( $serialized_instance ) {
return wp_hash( $serialized_instance );
}
/** * Sanitizes a widget instance. * * Unserialize the JS-instance for storing in the options. It's important that this filter * only get applied to an instance *once*. * * @since 3.9.0 * @since 5.8.0 Added the `$id_base` parameter. * * @global WP_Widget_Factory $wp_widget_factory * * @param array $value Widget instance to sanitize. * @param string $id_base Optional. Base of the ID of the widget being sanitized. Default null. * @return array|void Sanitized widget instance. */