Version Description
- Fix for OAuth issues, caused by other plugins that don't check for the existence of a class. Namespaced the whole thing to prevent it.
Download this release
Release Info
Developer | joostdevalk |
Plugin | Google Analytics for WordPress by MonsterInsights |
Version | 4.2.2 |
Comparing to | |
See all releases |
Code changes from version 4.2.1 to 4.2.2
- googleanalytics.php +4 -6
- readme.txt +5 -1
- wp-gdata/OAuth.php +63 -63
- wp-gdata/wp-gdata.php +9 -9
googleanalytics.php
CHANGED
@@ -4,15 +4,15 @@ Plugin Name: Google Analytics for WordPress
|
|
4 |
Plugin URI: http://yoast.com/wordpress/google-analytics/#utm_source=wordpress&utm_medium=plugin&utm_campaign=google-analytics-for-wordpress&utm_content=v420
|
5 |
Description: This plugin makes it simple to add Google Analytics to your WordPress blog, adding lots of features, eg. custom variables and automatic clickout and download tracking.
|
6 |
Author: Joost de Valk
|
7 |
-
Version: 4.2
|
8 |
-
Requires at least:
|
9 |
Author URI: http://yoast.com/
|
10 |
License: GPL
|
11 |
*/
|
12 |
|
13 |
// This plugin was originally based on Rich Boakes' Analytics plugin: http://boakes.org/analytics
|
14 |
|
15 |
-
define('GAWP_VERSION', '4.2');
|
16 |
|
17 |
/*
|
18 |
* Admin User Interface
|
@@ -823,9 +823,7 @@ if ( is_admin() && ( !defined('DOING_AJAX') || !DOING_AJAX ) && !class_exists( '
|
|
823 |
function authenticate() {
|
824 |
if ( isset( $_REQUEST['oauth_token'] ) ) {
|
825 |
$o = get_option( $this->optionname );
|
826 |
-
if ( isset( $o['gawp_oauth']['oauth_token'] ) && $o['gawp_oauth']['oauth_token']
|
827 |
-
$o['gawp_oauth']['oauth_token'] = '';
|
828 |
-
} else {
|
829 |
$gdata = new WP_GData(
|
830 |
array(
|
831 |
'scope' => 'https://www.google.com/analytics/feeds/',
|
4 |
Plugin URI: http://yoast.com/wordpress/google-analytics/#utm_source=wordpress&utm_medium=plugin&utm_campaign=google-analytics-for-wordpress&utm_content=v420
|
5 |
Description: This plugin makes it simple to add Google Analytics to your WordPress blog, adding lots of features, eg. custom variables and automatic clickout and download tracking.
|
6 |
Author: Joost de Valk
|
7 |
+
Version: 4.2.2
|
8 |
+
Requires at least: 3.0
|
9 |
Author URI: http://yoast.com/
|
10 |
License: GPL
|
11 |
*/
|
12 |
|
13 |
// This plugin was originally based on Rich Boakes' Analytics plugin: http://boakes.org/analytics
|
14 |
|
15 |
+
define('GAWP_VERSION', '4.2.2');
|
16 |
|
17 |
/*
|
18 |
* Admin User Interface
|
823 |
function authenticate() {
|
824 |
if ( isset( $_REQUEST['oauth_token'] ) ) {
|
825 |
$o = get_option( $this->optionname );
|
826 |
+
if ( isset( $o['gawp_oauth']['oauth_token'] ) && $o['gawp_oauth']['oauth_token'] == $_REQUEST['oauth_token'] ) {
|
|
|
|
|
827 |
$gdata = new WP_GData(
|
828 |
array(
|
829 |
'scope' => 'https://www.google.com/analytics/feeds/',
|
readme.txt
CHANGED
@@ -4,7 +4,7 @@ Donate link: http://yoast.com/donate/
|
|
4 |
Tags: analytics, google analytics, statistics, tracking, stats, google
|
5 |
Requires at least: 2.8
|
6 |
Tested up to: 3.2.1
|
7 |
-
Stable tag: 4.2.
|
8 |
|
9 |
Track your WordPress site easily and with lots of metadata: views per author & category, automatic tracking of outbound clicks and pageviews.
|
10 |
|
@@ -59,6 +59,10 @@ This section describes how to install the plugin and get it working.
|
|
59 |
|
60 |
== Changelog ==
|
61 |
|
|
|
|
|
|
|
|
|
62 |
= 4.2.1 =
|
63 |
|
64 |
* Minor bugfix.
|
4 |
Tags: analytics, google analytics, statistics, tracking, stats, google
|
5 |
Requires at least: 2.8
|
6 |
Tested up to: 3.2.1
|
7 |
+
Stable tag: 4.2.2
|
8 |
|
9 |
Track your WordPress site easily and with lots of metadata: views per author & category, automatic tracking of outbound clicks and pageviews.
|
10 |
|
59 |
|
60 |
== Changelog ==
|
61 |
|
62 |
+
= 4.2.2 =
|
63 |
+
|
64 |
+
* Fix for OAuth issues, caused by other plugins that don't check for the existence of a class. Namespaced the whole thing to prevent it.
|
65 |
+
|
66 |
= 4.2.1 =
|
67 |
|
68 |
* Minor bugfix.
|
wp-gdata/OAuth.php
CHANGED
@@ -3,11 +3,11 @@
|
|
3 |
|
4 |
/* Generic exception class
|
5 |
*/
|
6 |
-
class
|
7 |
// pass
|
8 |
}
|
9 |
|
10 |
-
class
|
11 |
public $key;
|
12 |
public $secret;
|
13 |
|
@@ -18,11 +18,11 @@ class OAuthConsumer {
|
|
18 |
}
|
19 |
|
20 |
function __toString() {
|
21 |
-
return "
|
22 |
}
|
23 |
}
|
24 |
|
25 |
-
class
|
26 |
// access tokens and request tokens
|
27 |
public $key;
|
28 |
public $secret;
|
@@ -42,9 +42,9 @@ class OAuthToken {
|
|
42 |
*/
|
43 |
function to_string() {
|
44 |
return "oauth_token=" .
|
45 |
-
|
46 |
"&oauth_token_secret=" .
|
47 |
-
|
48 |
}
|
49 |
|
50 |
function __toString() {
|
@@ -56,7 +56,7 @@ class OAuthToken {
|
|
56 |
* A class for implementing a Signature Method
|
57 |
* See section 9 ("Signing Requests") in the spec
|
58 |
*/
|
59 |
-
abstract class
|
60 |
/**
|
61 |
* Needs to return the name of the Signature Method (ie HMAC-SHA1)
|
62 |
* @return string
|
@@ -66,20 +66,20 @@ abstract class OAuthSignatureMethod {
|
|
66 |
/**
|
67 |
* Build up the signature
|
68 |
* NOTE: The output of this function MUST NOT be urlencoded.
|
69 |
-
* the encoding is handled in
|
70 |
* request is serialized
|
71 |
-
* @param
|
72 |
-
* @param
|
73 |
-
* @param
|
74 |
* @return string
|
75 |
*/
|
76 |
abstract public function build_signature($request, $consumer, $token);
|
77 |
|
78 |
/**
|
79 |
* Verifies that a given signature is correct
|
80 |
-
* @param
|
81 |
-
* @param
|
82 |
-
* @param
|
83 |
* @param string $signature
|
84 |
* @return bool
|
85 |
*/
|
@@ -112,7 +112,7 @@ abstract class OAuthSignatureMethod {
|
|
112 |
* character (ASCII code 38) even if empty.
|
113 |
* - Chapter 9.2 ("HMAC-SHA1")
|
114 |
*/
|
115 |
-
class
|
116 |
function get_name() {
|
117 |
return "HMAC-SHA1";
|
118 |
}
|
@@ -126,7 +126,7 @@ class OAuthSignatureMethod_HMAC_SHA1 extends OAuthSignatureMethod {
|
|
126 |
($token) ? $token->secret : ""
|
127 |
);
|
128 |
|
129 |
-
$key_parts =
|
130 |
$key = implode('&', $key_parts);
|
131 |
|
132 |
return base64_encode(hash_hmac('sha1', $base_string, $key, true));
|
@@ -138,7 +138,7 @@ class OAuthSignatureMethod_HMAC_SHA1 extends OAuthSignatureMethod {
|
|
138 |
* over a secure channel such as HTTPS. It does not use the Signature Base String.
|
139 |
* - Chapter 9.4 ("PLAINTEXT")
|
140 |
*/
|
141 |
-
class
|
142 |
public function get_name() {
|
143 |
return "PLAINTEXT";
|
144 |
}
|
@@ -150,7 +150,7 @@ class OAuthSignatureMethod_PLAINTEXT extends OAuthSignatureMethod {
|
|
150 |
* - Chapter 9.4.1 ("Generating Signatures")
|
151 |
*
|
152 |
* Please note that the second encoding MUST NOT happen in the SignatureMethod, as
|
153 |
-
*
|
154 |
*/
|
155 |
public function build_signature($request, $consumer, $token) {
|
156 |
$key_parts = array(
|
@@ -158,7 +158,7 @@ class OAuthSignatureMethod_PLAINTEXT extends OAuthSignatureMethod {
|
|
158 |
($token) ? $token->secret : ""
|
159 |
);
|
160 |
|
161 |
-
$key_parts =
|
162 |
$key = implode('&', $key_parts);
|
163 |
$request->base_string = $key;
|
164 |
|
@@ -174,7 +174,7 @@ class OAuthSignatureMethod_PLAINTEXT extends OAuthSignatureMethod {
|
|
174 |
* specification.
|
175 |
* - Chapter 9.3 ("RSA-SHA1")
|
176 |
*/
|
177 |
-
abstract class
|
178 |
public function get_name() {
|
179 |
return "RSA-SHA1";
|
180 |
}
|
@@ -233,7 +233,7 @@ abstract class OAuthSignatureMethod_RSA_SHA1 extends OAuthSignatureMethod {
|
|
233 |
}
|
234 |
}
|
235 |
|
236 |
-
class
|
237 |
protected $parameters;
|
238 |
protected $http_method;
|
239 |
protected $http_url;
|
@@ -244,7 +244,7 @@ class OAuthRequest {
|
|
244 |
|
245 |
function __construct($http_method, $http_url, $parameters=NULL) {
|
246 |
$parameters = ($parameters) ? $parameters : array();
|
247 |
-
$parameters = array_merge(
|
248 |
$this->parameters = $parameters;
|
249 |
$this->http_method = $http_method;
|
250 |
$this->http_url = $http_url;
|
@@ -271,10 +271,10 @@ class OAuthRequest {
|
|
271 |
// parsed parameter-list
|
272 |
if (!$parameters) {
|
273 |
// Find request headers
|
274 |
-
$request_headers =
|
275 |
|
276 |
// Parse the query-string to find GET parameters
|
277 |
-
$parameters =
|
278 |
|
279 |
// It's a POST request of the proper content-type, so parse POST
|
280 |
// parameters and add those overriding any duplicates from GET
|
@@ -283,7 +283,7 @@ class OAuthRequest {
|
|
283 |
&& strstr($request_headers['Content-Type'],
|
284 |
'application/x-www-form-urlencoded')
|
285 |
) {
|
286 |
-
$post_data =
|
287 |
file_get_contents(self::$POST_INPUT)
|
288 |
);
|
289 |
$parameters = array_merge($parameters, $post_data);
|
@@ -292,7 +292,7 @@ class OAuthRequest {
|
|
292 |
// We have a Authorization-header with OAuth data. Parse the header
|
293 |
// and add those overriding any duplicates from GET or POST
|
294 |
if (isset($request_headers['Authorization']) && substr($request_headers['Authorization'], 0, 6) == 'OAuth ') {
|
295 |
-
$header_parameters =
|
296 |
$request_headers['Authorization']
|
297 |
);
|
298 |
$parameters = array_merge($parameters, $header_parameters);
|
@@ -300,7 +300,7 @@ class OAuthRequest {
|
|
300 |
|
301 |
}
|
302 |
|
303 |
-
return new
|
304 |
}
|
305 |
|
306 |
/**
|
@@ -308,16 +308,16 @@ class OAuthRequest {
|
|
308 |
*/
|
309 |
public static function from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters=NULL) {
|
310 |
$parameters = ($parameters) ? $parameters : array();
|
311 |
-
$defaults = array("oauth_version" =>
|
312 |
-
"oauth_nonce" =>
|
313 |
-
"oauth_timestamp" =>
|
314 |
"oauth_consumer_key" => $consumer->key);
|
315 |
if ($token)
|
316 |
$defaults['oauth_token'] = $token->key;
|
317 |
|
318 |
$parameters = array_merge($defaults, $parameters);
|
319 |
|
320 |
-
return new
|
321 |
}
|
322 |
|
323 |
public function set_parameter($name, $value, $allow_duplicates = true) {
|
@@ -361,7 +361,7 @@ class OAuthRequest {
|
|
361 |
unset($params['oauth_signature']);
|
362 |
}
|
363 |
|
364 |
-
return
|
365 |
}
|
366 |
|
367 |
/**
|
@@ -378,7 +378,7 @@ class OAuthRequest {
|
|
378 |
$this->get_signable_parameters()
|
379 |
);
|
380 |
|
381 |
-
$parts =
|
382 |
|
383 |
return implode('&', $parts);
|
384 |
}
|
@@ -425,7 +425,7 @@ class OAuthRequest {
|
|
425 |
* builds the data one would send in a POST request
|
426 |
*/
|
427 |
public function to_postdata() {
|
428 |
-
return
|
429 |
}
|
430 |
|
431 |
/**
|
@@ -434,7 +434,7 @@ class OAuthRequest {
|
|
434 |
public function to_header($realm=null) {
|
435 |
$first = true;
|
436 |
if($realm) {
|
437 |
-
$out = 'Authorization: OAuth realm="' .
|
438 |
$first = false;
|
439 |
} else
|
440 |
$out = 'Authorization: OAuth';
|
@@ -443,12 +443,12 @@ class OAuthRequest {
|
|
443 |
foreach ($this->parameters as $k => $v) {
|
444 |
if (substr($k, 0, 5) != "oauth") continue;
|
445 |
if (is_array($v)) {
|
446 |
-
throw new
|
447 |
}
|
448 |
$out .= ($first) ? ' ' : ',';
|
449 |
-
$out .=
|
450 |
'="' .
|
451 |
-
|
452 |
'"';
|
453 |
$first = false;
|
454 |
}
|
@@ -493,7 +493,7 @@ class OAuthRequest {
|
|
493 |
}
|
494 |
}
|
495 |
|
496 |
-
class
|
497 |
protected $timestamp_threshold = 300; // in seconds, five minutes
|
498 |
protected $version = '1.0'; // hi blaine
|
499 |
protected $signature_methods = array();
|
@@ -576,7 +576,7 @@ class OAuthServer {
|
|
576 |
$version = '1.0';
|
577 |
}
|
578 |
if ($version !== $this->version) {
|
579 |
-
throw new
|
580 |
}
|
581 |
return $version;
|
582 |
}
|
@@ -585,19 +585,19 @@ class OAuthServer {
|
|
585 |
* figure out the signature with some defaults
|
586 |
*/
|
587 |
private function get_signature_method($request) {
|
588 |
-
$signature_method = $request instanceof
|
589 |
? $request->get_parameter("oauth_signature_method")
|
590 |
: NULL;
|
591 |
|
592 |
if (!$signature_method) {
|
593 |
// According to chapter 7 ("Accessing Protected Ressources") the signature-method
|
594 |
// parameter is required, and we can't just fallback to PLAINTEXT
|
595 |
-
throw new
|
596 |
}
|
597 |
|
598 |
if (!in_array($signature_method,
|
599 |
array_keys($this->signature_methods))) {
|
600 |
-
throw new
|
601 |
"Signature method '$signature_method' not supported " .
|
602 |
"try one of the following: " .
|
603 |
implode(", ", array_keys($this->signature_methods))
|
@@ -610,17 +610,17 @@ class OAuthServer {
|
|
610 |
* try to find the consumer for the provided request's consumer key
|
611 |
*/
|
612 |
private function get_consumer($request) {
|
613 |
-
$consumer_key = $request instanceof
|
614 |
? $request->get_parameter("oauth_consumer_key")
|
615 |
: NULL;
|
616 |
|
617 |
if (!$consumer_key) {
|
618 |
-
throw new
|
619 |
}
|
620 |
|
621 |
$consumer = $this->data_store->lookup_consumer($consumer_key);
|
622 |
if (!$consumer) {
|
623 |
-
throw new
|
624 |
}
|
625 |
|
626 |
return $consumer;
|
@@ -630,7 +630,7 @@ class OAuthServer {
|
|
630 |
* try to find the token for the provided request's token key
|
631 |
*/
|
632 |
private function get_token($request, $consumer, $token_type="access") {
|
633 |
-
$token_field = $request instanceof
|
634 |
? $request->get_parameter('oauth_token')
|
635 |
: NULL;
|
636 |
|
@@ -638,7 +638,7 @@ class OAuthServer {
|
|
638 |
$consumer, $token_type, $token_field
|
639 |
);
|
640 |
if (!$token) {
|
641 |
-
throw new
|
642 |
}
|
643 |
return $token;
|
644 |
}
|
@@ -649,10 +649,10 @@ class OAuthServer {
|
|
649 |
*/
|
650 |
private function check_signature($request, $consumer, $token) {
|
651 |
// this should probably be in a different method
|
652 |
-
$timestamp = $request instanceof
|
653 |
? $request->get_parameter('oauth_timestamp')
|
654 |
: NULL;
|
655 |
-
$nonce = $request instanceof
|
656 |
? $request->get_parameter('oauth_nonce')
|
657 |
: NULL;
|
658 |
|
@@ -670,7 +670,7 @@ class OAuthServer {
|
|
670 |
);
|
671 |
|
672 |
if (!$valid_sig) {
|
673 |
-
throw new
|
674 |
}
|
675 |
}
|
676 |
|
@@ -679,14 +679,14 @@ class OAuthServer {
|
|
679 |
*/
|
680 |
private function check_timestamp($timestamp) {
|
681 |
if( ! $timestamp )
|
682 |
-
throw new
|
683 |
'Missing timestamp parameter. The parameter is required'
|
684 |
);
|
685 |
|
686 |
// verify that timestamp is recentish
|
687 |
$now = time();
|
688 |
if (abs($now - $timestamp) > $this->timestamp_threshold) {
|
689 |
-
throw new
|
690 |
"Expired timestamp, yours $timestamp, ours $now"
|
691 |
);
|
692 |
}
|
@@ -697,7 +697,7 @@ class OAuthServer {
|
|
697 |
*/
|
698 |
private function check_nonce($consumer, $token, $nonce, $timestamp) {
|
699 |
if( ! $nonce )
|
700 |
-
throw new
|
701 |
'Missing nonce parameter. The parameter is required'
|
702 |
);
|
703 |
|
@@ -709,13 +709,13 @@ class OAuthServer {
|
|
709 |
$timestamp
|
710 |
);
|
711 |
if ($found) {
|
712 |
-
throw new
|
713 |
}
|
714 |
}
|
715 |
|
716 |
}
|
717 |
|
718 |
-
class
|
719 |
function lookup_consumer($consumer_key) {
|
720 |
// implement me
|
721 |
}
|
@@ -741,10 +741,10 @@ class OAuthDataStore {
|
|
741 |
|
742 |
}
|
743 |
|
744 |
-
class
|
745 |
public static function urlencode_rfc3986($input) {
|
746 |
if (is_array($input)) {
|
747 |
-
return array_map(array('
|
748 |
} else if (is_scalar($input)) {
|
749 |
return str_replace(
|
750 |
'+',
|
@@ -773,7 +773,7 @@ class OAuthUtil {
|
|
773 |
$params = array();
|
774 |
if (preg_match_all('/('.($only_allow_oauth_parameters ? 'oauth_' : '').'[a-z_-]*)=(:?"([^"]*)"|([^,]*))/', $header, $matches)) {
|
775 |
foreach ($matches[1] as $i => $h) {
|
776 |
-
$params[$h] =
|
777 |
}
|
778 |
if (isset($params['realm'])) {
|
779 |
unset($params['realm']);
|
@@ -839,8 +839,8 @@ class OAuthUtil {
|
|
839 |
$parsed_parameters = array();
|
840 |
foreach ($pairs as $pair) {
|
841 |
$split = explode('=', $pair, 2);
|
842 |
-
$parameter =
|
843 |
-
$value = isset($split[1]) ?
|
844 |
|
845 |
if (isset($parsed_parameters[$parameter])) {
|
846 |
// We have already recieved parameter(s) with this name, so add to the list
|
@@ -864,8 +864,8 @@ class OAuthUtil {
|
|
864 |
if (!$params) return '';
|
865 |
|
866 |
// Urlencode both keys and values
|
867 |
-
$keys =
|
868 |
-
$values =
|
869 |
$params = array_combine($keys, $values);
|
870 |
|
871 |
// Parameters are sorted by name, using lexicographical byte value ordering.
|
3 |
|
4 |
/* Generic exception class
|
5 |
*/
|
6 |
+
class Yoast_OAuthException extends Exception {
|
7 |
// pass
|
8 |
}
|
9 |
|
10 |
+
class Yoast_OAuthConsumer {
|
11 |
public $key;
|
12 |
public $secret;
|
13 |
|
18 |
}
|
19 |
|
20 |
function __toString() {
|
21 |
+
return "Yoast_OAuthConsumer[key=$this->key,secret=$this->secret]";
|
22 |
}
|
23 |
}
|
24 |
|
25 |
+
class Yoast_OAuthToken {
|
26 |
// access tokens and request tokens
|
27 |
public $key;
|
28 |
public $secret;
|
42 |
*/
|
43 |
function to_string() {
|
44 |
return "oauth_token=" .
|
45 |
+
Yoast_OAuthUtil::urlencode_rfc3986($this->key) .
|
46 |
"&oauth_token_secret=" .
|
47 |
+
Yoast_OAuthUtil::urlencode_rfc3986($this->secret);
|
48 |
}
|
49 |
|
50 |
function __toString() {
|
56 |
* A class for implementing a Signature Method
|
57 |
* See section 9 ("Signing Requests") in the spec
|
58 |
*/
|
59 |
+
abstract class Yoast_OAuthSignatureMethod {
|
60 |
/**
|
61 |
* Needs to return the name of the Signature Method (ie HMAC-SHA1)
|
62 |
* @return string
|
66 |
/**
|
67 |
* Build up the signature
|
68 |
* NOTE: The output of this function MUST NOT be urlencoded.
|
69 |
+
* the encoding is handled in Yoast_OAuthRequest when the final
|
70 |
* request is serialized
|
71 |
+
* @param Yoast_OAuthRequest $request
|
72 |
+
* @param Yoast_OAuthConsumer $consumer
|
73 |
+
* @param Yoast_OAuthToken $token
|
74 |
* @return string
|
75 |
*/
|
76 |
abstract public function build_signature($request, $consumer, $token);
|
77 |
|
78 |
/**
|
79 |
* Verifies that a given signature is correct
|
80 |
+
* @param Yoast_OAuthRequest $request
|
81 |
+
* @param Yoast_OAuthConsumer $consumer
|
82 |
+
* @param Yoast_OAuthToken $token
|
83 |
* @param string $signature
|
84 |
* @return bool
|
85 |
*/
|
112 |
* character (ASCII code 38) even if empty.
|
113 |
* - Chapter 9.2 ("HMAC-SHA1")
|
114 |
*/
|
115 |
+
class Yoast_OAuthSignatureMethod_HMAC_SHA1 extends Yoast_OAuthSignatureMethod {
|
116 |
function get_name() {
|
117 |
return "HMAC-SHA1";
|
118 |
}
|
126 |
($token) ? $token->secret : ""
|
127 |
);
|
128 |
|
129 |
+
$key_parts = Yoast_OAuthUtil::urlencode_rfc3986($key_parts);
|
130 |
$key = implode('&', $key_parts);
|
131 |
|
132 |
return base64_encode(hash_hmac('sha1', $base_string, $key, true));
|
138 |
* over a secure channel such as HTTPS. It does not use the Signature Base String.
|
139 |
* - Chapter 9.4 ("PLAINTEXT")
|
140 |
*/
|
141 |
+
class Yoast_OAuthSignatureMethod_PLAINTEXT extends Yoast_OAuthSignatureMethod {
|
142 |
public function get_name() {
|
143 |
return "PLAINTEXT";
|
144 |
}
|
150 |
* - Chapter 9.4.1 ("Generating Signatures")
|
151 |
*
|
152 |
* Please note that the second encoding MUST NOT happen in the SignatureMethod, as
|
153 |
+
* Yoast_OAuthRequest handles this!
|
154 |
*/
|
155 |
public function build_signature($request, $consumer, $token) {
|
156 |
$key_parts = array(
|
158 |
($token) ? $token->secret : ""
|
159 |
);
|
160 |
|
161 |
+
$key_parts = Yoast_OAuthUtil::urlencode_rfc3986($key_parts);
|
162 |
$key = implode('&', $key_parts);
|
163 |
$request->base_string = $key;
|
164 |
|
174 |
* specification.
|
175 |
* - Chapter 9.3 ("RSA-SHA1")
|
176 |
*/
|
177 |
+
abstract class Yoast_OAuthSignatureMethod_RSA_SHA1 extends Yoast_OAuthSignatureMethod {
|
178 |
public function get_name() {
|
179 |
return "RSA-SHA1";
|
180 |
}
|
233 |
}
|
234 |
}
|
235 |
|
236 |
+
class Yoast_OAuthRequest {
|
237 |
protected $parameters;
|
238 |
protected $http_method;
|
239 |
protected $http_url;
|
244 |
|
245 |
function __construct($http_method, $http_url, $parameters=NULL) {
|
246 |
$parameters = ($parameters) ? $parameters : array();
|
247 |
+
$parameters = array_merge( Yoast_OAuthUtil::parse_parameters(parse_url($http_url, PHP_URL_QUERY)), $parameters);
|
248 |
$this->parameters = $parameters;
|
249 |
$this->http_method = $http_method;
|
250 |
$this->http_url = $http_url;
|
271 |
// parsed parameter-list
|
272 |
if (!$parameters) {
|
273 |
// Find request headers
|
274 |
+
$request_headers = Yoast_OAuthUtil::get_headers();
|
275 |
|
276 |
// Parse the query-string to find GET parameters
|
277 |
+
$parameters = Yoast_OAuthUtil::parse_parameters($_SERVER['QUERY_STRING']);
|
278 |
|
279 |
// It's a POST request of the proper content-type, so parse POST
|
280 |
// parameters and add those overriding any duplicates from GET
|
283 |
&& strstr($request_headers['Content-Type'],
|
284 |
'application/x-www-form-urlencoded')
|
285 |
) {
|
286 |
+
$post_data = Yoast_OAuthUtil::parse_parameters(
|
287 |
file_get_contents(self::$POST_INPUT)
|
288 |
);
|
289 |
$parameters = array_merge($parameters, $post_data);
|
292 |
// We have a Authorization-header with OAuth data. Parse the header
|
293 |
// and add those overriding any duplicates from GET or POST
|
294 |
if (isset($request_headers['Authorization']) && substr($request_headers['Authorization'], 0, 6) == 'OAuth ') {
|
295 |
+
$header_parameters = Yoast_OAuthUtil::split_header(
|
296 |
$request_headers['Authorization']
|
297 |
);
|
298 |
$parameters = array_merge($parameters, $header_parameters);
|
300 |
|
301 |
}
|
302 |
|
303 |
+
return new Yoast_OAuthRequest($http_method, $http_url, $parameters);
|
304 |
}
|
305 |
|
306 |
/**
|
308 |
*/
|
309 |
public static function from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters=NULL) {
|
310 |
$parameters = ($parameters) ? $parameters : array();
|
311 |
+
$defaults = array("oauth_version" => Yoast_OAuthRequest::$version,
|
312 |
+
"oauth_nonce" => Yoast_OAuthRequest::generate_nonce(),
|
313 |
+
"oauth_timestamp" => Yoast_OAuthRequest::generate_timestamp(),
|
314 |
"oauth_consumer_key" => $consumer->key);
|
315 |
if ($token)
|
316 |
$defaults['oauth_token'] = $token->key;
|
317 |
|
318 |
$parameters = array_merge($defaults, $parameters);
|
319 |
|
320 |
+
return new Yoast_OAuthRequest($http_method, $http_url, $parameters);
|
321 |
}
|
322 |
|
323 |
public function set_parameter($name, $value, $allow_duplicates = true) {
|
361 |
unset($params['oauth_signature']);
|
362 |
}
|
363 |
|
364 |
+
return Yoast_OAuthUtil::build_http_query($params);
|
365 |
}
|
366 |
|
367 |
/**
|
378 |
$this->get_signable_parameters()
|
379 |
);
|
380 |
|
381 |
+
$parts = Yoast_OAuthUtil::urlencode_rfc3986($parts);
|
382 |
|
383 |
return implode('&', $parts);
|
384 |
}
|
425 |
* builds the data one would send in a POST request
|
426 |
*/
|
427 |
public function to_postdata() {
|
428 |
+
return Yoast_OAuthUtil::build_http_query($this->parameters);
|
429 |
}
|
430 |
|
431 |
/**
|
434 |
public function to_header($realm=null) {
|
435 |
$first = true;
|
436 |
if($realm) {
|
437 |
+
$out = 'Authorization: OAuth realm="' . Yoast_OAuthUtil::urlencode_rfc3986($realm) . '"';
|
438 |
$first = false;
|
439 |
} else
|
440 |
$out = 'Authorization: OAuth';
|
443 |
foreach ($this->parameters as $k => $v) {
|
444 |
if (substr($k, 0, 5) != "oauth") continue;
|
445 |
if (is_array($v)) {
|
446 |
+
throw new Yoast_OAuthException('Arrays not supported in headers');
|
447 |
}
|
448 |
$out .= ($first) ? ' ' : ',';
|
449 |
+
$out .= Yoast_OAuthUtil::urlencode_rfc3986($k) .
|
450 |
'="' .
|
451 |
+
Yoast_OAuthUtil::urlencode_rfc3986($v) .
|
452 |
'"';
|
453 |
$first = false;
|
454 |
}
|
493 |
}
|
494 |
}
|
495 |
|
496 |
+
class Yoast_OAuthServer {
|
497 |
protected $timestamp_threshold = 300; // in seconds, five minutes
|
498 |
protected $version = '1.0'; // hi blaine
|
499 |
protected $signature_methods = array();
|
576 |
$version = '1.0';
|
577 |
}
|
578 |
if ($version !== $this->version) {
|
579 |
+
throw new Yoast_OAuthException("OAuth version '$version' not supported");
|
580 |
}
|
581 |
return $version;
|
582 |
}
|
585 |
* figure out the signature with some defaults
|
586 |
*/
|
587 |
private function get_signature_method($request) {
|
588 |
+
$signature_method = $request instanceof Yoast_OAuthRequest
|
589 |
? $request->get_parameter("oauth_signature_method")
|
590 |
: NULL;
|
591 |
|
592 |
if (!$signature_method) {
|
593 |
// According to chapter 7 ("Accessing Protected Ressources") the signature-method
|
594 |
// parameter is required, and we can't just fallback to PLAINTEXT
|
595 |
+
throw new Yoast_OAuthException('No signature method parameter. This parameter is required');
|
596 |
}
|
597 |
|
598 |
if (!in_array($signature_method,
|
599 |
array_keys($this->signature_methods))) {
|
600 |
+
throw new Yoast_OAuthException(
|
601 |
"Signature method '$signature_method' not supported " .
|
602 |
"try one of the following: " .
|
603 |
implode(", ", array_keys($this->signature_methods))
|
610 |
* try to find the consumer for the provided request's consumer key
|
611 |
*/
|
612 |
private function get_consumer($request) {
|
613 |
+
$consumer_key = $request instanceof Yoast_OAuthRequest
|
614 |
? $request->get_parameter("oauth_consumer_key")
|
615 |
: NULL;
|
616 |
|
617 |
if (!$consumer_key) {
|
618 |
+
throw new Yoast_OAuthException("Invalid consumer key");
|
619 |
}
|
620 |
|
621 |
$consumer = $this->data_store->lookup_consumer($consumer_key);
|
622 |
if (!$consumer) {
|
623 |
+
throw new Yoast_OAuthException("Invalid consumer");
|
624 |
}
|
625 |
|
626 |
return $consumer;
|
630 |
* try to find the token for the provided request's token key
|
631 |
*/
|
632 |
private function get_token($request, $consumer, $token_type="access") {
|
633 |
+
$token_field = $request instanceof Yoast_OAuthRequest
|
634 |
? $request->get_parameter('oauth_token')
|
635 |
: NULL;
|
636 |
|
638 |
$consumer, $token_type, $token_field
|
639 |
);
|
640 |
if (!$token) {
|
641 |
+
throw new Yoast_OAuthException("Invalid $token_type token: $token_field");
|
642 |
}
|
643 |
return $token;
|
644 |
}
|
649 |
*/
|
650 |
private function check_signature($request, $consumer, $token) {
|
651 |
// this should probably be in a different method
|
652 |
+
$timestamp = $request instanceof Yoast_OAuthRequest
|
653 |
? $request->get_parameter('oauth_timestamp')
|
654 |
: NULL;
|
655 |
+
$nonce = $request instanceof Yoast_OAuthRequest
|
656 |
? $request->get_parameter('oauth_nonce')
|
657 |
: NULL;
|
658 |
|
670 |
);
|
671 |
|
672 |
if (!$valid_sig) {
|
673 |
+
throw new Yoast_OAuthException("Invalid signature");
|
674 |
}
|
675 |
}
|
676 |
|
679 |
*/
|
680 |
private function check_timestamp($timestamp) {
|
681 |
if( ! $timestamp )
|
682 |
+
throw new Yoast_OAuthException(
|
683 |
'Missing timestamp parameter. The parameter is required'
|
684 |
);
|
685 |
|
686 |
// verify that timestamp is recentish
|
687 |
$now = time();
|
688 |
if (abs($now - $timestamp) > $this->timestamp_threshold) {
|
689 |
+
throw new Yoast_OAuthException(
|
690 |
"Expired timestamp, yours $timestamp, ours $now"
|
691 |
);
|
692 |
}
|
697 |
*/
|
698 |
private function check_nonce($consumer, $token, $nonce, $timestamp) {
|
699 |
if( ! $nonce )
|
700 |
+
throw new Yoast_OAuthException(
|
701 |
'Missing nonce parameter. The parameter is required'
|
702 |
);
|
703 |
|
709 |
$timestamp
|
710 |
);
|
711 |
if ($found) {
|
712 |
+
throw new Yoast_OAuthException("Nonce already used: $nonce");
|
713 |
}
|
714 |
}
|
715 |
|
716 |
}
|
717 |
|
718 |
+
class Yoast_OAuthDataStore {
|
719 |
function lookup_consumer($consumer_key) {
|
720 |
// implement me
|
721 |
}
|
741 |
|
742 |
}
|
743 |
|
744 |
+
class Yoast_OAuthUtil {
|
745 |
public static function urlencode_rfc3986($input) {
|
746 |
if (is_array($input)) {
|
747 |
+
return array_map(array('Yoast_OAuthUtil', 'urlencode_rfc3986'), $input);
|
748 |
} else if (is_scalar($input)) {
|
749 |
return str_replace(
|
750 |
'+',
|
773 |
$params = array();
|
774 |
if (preg_match_all('/('.($only_allow_oauth_parameters ? 'oauth_' : '').'[a-z_-]*)=(:?"([^"]*)"|([^,]*))/', $header, $matches)) {
|
775 |
foreach ($matches[1] as $i => $h) {
|
776 |
+
$params[$h] = Yoast_OAuthUtil::urldecode_rfc3986(empty($matches[3][$i]) ? $matches[4][$i] : $matches[3][$i]);
|
777 |
}
|
778 |
if (isset($params['realm'])) {
|
779 |
unset($params['realm']);
|
839 |
$parsed_parameters = array();
|
840 |
foreach ($pairs as $pair) {
|
841 |
$split = explode('=', $pair, 2);
|
842 |
+
$parameter = Yoast_OAuthUtil::urldecode_rfc3986($split[0]);
|
843 |
+
$value = isset($split[1]) ? Yoast_OAuthUtil::urldecode_rfc3986($split[1]) : '';
|
844 |
|
845 |
if (isset($parsed_parameters[$parameter])) {
|
846 |
// We have already recieved parameter(s) with this name, so add to the list
|
864 |
if (!$params) return '';
|
865 |
|
866 |
// Urlencode both keys and values
|
867 |
+
$keys = Yoast_OAuthUtil::urlencode_rfc3986(array_keys($params));
|
868 |
+
$values = Yoast_OAuthUtil::urlencode_rfc3986(array_values($params));
|
869 |
$params = array_combine($keys, $values);
|
870 |
|
871 |
// Parameters are sorted by name, using lexicographical byte value ordering.
|
wp-gdata/wp-gdata.php
CHANGED
@@ -6,7 +6,7 @@
|
|
6 |
*/
|
7 |
|
8 |
// Load the OAuth library.
|
9 |
-
if ( ! class_exists( '
|
10 |
require( 'OAuth.php' );
|
11 |
|
12 |
class WP_GData {
|
@@ -19,11 +19,11 @@ class WP_GData {
|
|
19 |
|
20 |
function __construct( $parameters = array(), $oauth_token = null, $oauth_token_secret = null ) {
|
21 |
$this->parameters = $parameters;
|
22 |
-
$this->signature_method = new
|
23 |
-
$this->consumer = new
|
24 |
|
25 |
if ( !empty( $oauth_token ) && !empty( $oauth_token_secret ) )
|
26 |
-
$this->token = new
|
27 |
else
|
28 |
$this->token = null;
|
29 |
}
|
@@ -34,8 +34,8 @@ class WP_GData {
|
|
34 |
$parameters['oauth_callback'] = $oauth_callback;
|
35 |
|
36 |
$request = $this->oauth_request( self::request_token_url, 'GET', $parameters );
|
37 |
-
$token =
|
38 |
-
$this->token = new
|
39 |
return $token;
|
40 |
}
|
41 |
|
@@ -43,7 +43,7 @@ class WP_GData {
|
|
43 |
* Format and sign an OAuth / API request
|
44 |
*/
|
45 |
private function oauth_request( $url, $method, $parameters ) {
|
46 |
-
$request =
|
47 |
$request->sign_request( $this->signature_method, $this->consumer, $this->token );
|
48 |
|
49 |
if ( 'GET' == $method )
|
@@ -72,8 +72,8 @@ class WP_GData {
|
|
72 |
$parameters['oauth_verifier'] = $oauth_verifier;
|
73 |
|
74 |
$request = $this->oauth_request( self::access_token_url, 'GET', $parameters );
|
75 |
-
$token =
|
76 |
-
$this->token = new
|
77 |
return $token;
|
78 |
}
|
79 |
|
6 |
*/
|
7 |
|
8 |
// Load the OAuth library.
|
9 |
+
if ( ! class_exists( 'Yoast_OAuthConsumer' ) )
|
10 |
require( 'OAuth.php' );
|
11 |
|
12 |
class WP_GData {
|
19 |
|
20 |
function __construct( $parameters = array(), $oauth_token = null, $oauth_token_secret = null ) {
|
21 |
$this->parameters = $parameters;
|
22 |
+
$this->signature_method = new Yoast_OAuthSignatureMethod_HMAC_SHA1();
|
23 |
+
$this->consumer = new Yoast_OAuthConsumer( 'anonymous', 'anonymous' );
|
24 |
|
25 |
if ( !empty( $oauth_token ) && !empty( $oauth_token_secret ) )
|
26 |
+
$this->token = new Yoast_OAuthConsumer( $oauth_token, $oauth_token_secret );
|
27 |
else
|
28 |
$this->token = null;
|
29 |
}
|
34 |
$parameters['oauth_callback'] = $oauth_callback;
|
35 |
|
36 |
$request = $this->oauth_request( self::request_token_url, 'GET', $parameters );
|
37 |
+
$token = Yoast_OAuthUtil::parse_parameters( wp_remote_retrieve_body( $request ) );
|
38 |
+
$this->token = new Yoast_OAuthConsumer( $token['oauth_token'], $token['oauth_token_secret'] );
|
39 |
return $token;
|
40 |
}
|
41 |
|
43 |
* Format and sign an OAuth / API request
|
44 |
*/
|
45 |
private function oauth_request( $url, $method, $parameters ) {
|
46 |
+
$request = Yoast_OAuthRequest::from_consumer_and_token( $this->consumer, $this->token, $method, $url, $parameters );
|
47 |
$request->sign_request( $this->signature_method, $this->consumer, $this->token );
|
48 |
|
49 |
if ( 'GET' == $method )
|
72 |
$parameters['oauth_verifier'] = $oauth_verifier;
|
73 |
|
74 |
$request = $this->oauth_request( self::access_token_url, 'GET', $parameters );
|
75 |
+
$token = Yoast_OAuthUtil::parse_parameters( wp_remote_retrieve_body( $request ) );
|
76 |
+
$this->token = new Yoast_OAuthConsumer( $token['oauth_token'], $token['oauth_token_secret'] );
|
77 |
return $token;
|
78 |
}
|
79 |
|