Na}{

Path: ~/home/getwphos/public_html/almajd14/wp-content/plugins/woocommerce/includes/

File Content: `class-wc-auth.php`

<?php
/**
 * WooCommerce Auth
 *
 * Handles wc-auth endpoint requests.
 *
 * @package WooCommerce\RestApi
 * @since   2.4.0
 */

defined( 'ABSPATH' ) || exit;

/**
 * Auth class.
 */
class WC_Auth {

	/**
	 * Version.
	 *
	 * @var int
	 */
	const VERSION = 1;

	/**
	 * Setup class.
	 *
	 * @since 2.4.0
	 */
	public function __construct() {
		// Add query vars.
		add_filter( 'query_vars', array( $this, 'add_query_vars' ), 0 );

		// Register auth endpoint.
		add_action( 'init', array( __CLASS__, 'add_endpoint' ), 0 );

		// Handle auth requests.
		add_action( 'parse_request', array( $this, 'handle_auth_requests' ), 0 );
	}

	/**
	 * Add query vars.
	 *
	 * @since  2.4.0
	 * @param  array $vars Query variables.
	 * @return string[]
	 */
	public function add_query_vars( $vars ) {
		$vars[] = 'wc-auth-version';
		$vars[] = 'wc-auth-route';
		return $vars;
	}

	/**
	 * Add auth endpoint.
	 *
	 * @since 2.4.0
	 */
	public static function add_endpoint() {
		add_rewrite_rule( '^wc-auth/v([1]{1})/(.*)?', 'index.php?wc-auth-version=$matches[1]&wc-auth-route=$matches[2]', 'top' );
	}

	/**
	 * Get scope name.
	 *
	 * @since 2.4.0
	 * @param  string $scope Permission scope.
	 * @return string
	 */
	protected function get_i18n_scope( $scope ) {
		$permissions = array(
			'read'       => __( 'Read', 'woocommerce' ),
			'write'      => __( 'Write', 'woocommerce' ),
			'read_write' => __( 'Read/Write', 'woocommerce' ),
		);

		return $permissions[ $scope ];
	}

	/**
	 * Return a list of permissions a scope allows.
	 *
	 * @since  2.4.0
	 * @param  string $scope Permission scope.
	 * @return array
	 */
	protected function get_permissions_in_scope( $scope ) {
		$permissions = array();
		switch ( $scope ) {
			case 'read':
				$permissions[] = __( 'View coupons', 'woocommerce' );
				$permissions[] = __( 'View customers', 'woocommerce' );
				$permissions[] = __( 'View orders and sales reports', 'woocommerce' );
				$permissions[] = __( 'View products', 'woocommerce' );
				break;
			case 'write':
				$permissions[] = __( 'Create webhooks', 'woocommerce' );
				$permissions[] = __( 'Create coupons', 'woocommerce' );
				$permissions[] = __( 'Create customers', 'woocommerce' );
				$permissions[] = __( 'Create orders', 'woocommerce' );
				$permissions[] = __( 'Create products', 'woocommerce' );
				break;
			case 'read_write':
				$permissions[] = __( 'Create webhooks', 'woocommerce' );
				$permissions[] = __( 'View and manage coupons', 'woocommerce' );
				$permissions[] = __( 'View and manage customers', 'woocommerce' );
				$permissions[] = __( 'View and manage orders and sales reports', 'woocommerce' );
				$permissions[] = __( 'View and manage products', 'woocommerce' );
				break;
		}
		return apply_filters( 'woocommerce_api_permissions_in_scope', $permissions, $scope );
	}

	/**
	 * Build auth urls.
	 *
	 * @since  2.4.0
	 * @param  array  $data     Data to build URL.
	 * @param  string $endpoint Endpoint.
	 * @return string
	 */
	protected function build_url( $data, $endpoint ) {
		$url = wc_get_endpoint_url( 'wc-auth/v' . self::VERSION, $endpoint, home_url( '/' ) );

		return add_query_arg(
			array(
				'app_name'     => wc_clean( $data['app_name'] ),
				'user_id'      => wc_clean( $data['user_id'] ),
				'return_url'   => rawurlencode( $this->get_formatted_url( $data['return_url'] ) ),
				'callback_url' => rawurlencode( $this->get_formatted_url( $data['callback_url'] ) ),
				'scope'        => wc_clean( $data['scope'] ),
			),
			$url
		);
	}

	/**
	 * Decode and format a URL.
	 *
	 * @param  string $url URL.
	 * @return string
	 */
	protected function get_formatted_url( $url ) {
		$url = urldecode( $url );

		if ( ! strstr( $url, '://' ) ) {
			$url = 'https://' . $url;
		}

		return $url;
	}

	/**
	 * Make validation.
	 *
	 * @since  2.4.0
	 * @throws Exception When validate fails.
	 */
	protected function make_validation() {
		$data   = array();
		$params = array(
			'app_name',
			'user_id',
			'return_url',
			'callback_url',
			'scope',
		);

		foreach ( $params as $param ) {
			if ( empty( $_REQUEST[ $param ] ) ) { // WPCS: input var ok, CSRF ok.
				/* translators: %s: parameter */
				throw new Exception( sprintf( __( 'Missing parameter %s', 'woocommerce' ), $param ) );
			}

			$data[ $param ] = wp_unslash( $_REQUEST[ $param ] ); // WPCS: input var ok, CSRF ok, sanitization ok.
		}

		if ( ! in_array( $data['scope'], array( 'read', 'write', 'read_write' ), true ) ) {
			/* translators: %s: scope */
			throw new Exception( sprintf( __( 'Invalid scope %s', 'woocommerce' ), wc_clean( $data['scope'] ) ) );
		}

		foreach ( array( 'return_url', 'callback_url' ) as $param ) {
			$param = $this->get_formatted_url( $data[ $param ] );

			if ( false === filter_var( $param, FILTER_VALIDATE_URL ) ) {
				/* translators: %s: url */
				throw new Exception( sprintf( __( 'The %s is not a valid URL', 'woocommerce' ), $param ) );
			}
		}

		$callback_url = $this->get_formatted_url( $data['callback_url'] );

		if ( 0 !== stripos( $callback_url, 'https://' ) ) {
			throw new Exception( __( 'The callback_url needs to be over SSL', 'woocommerce' ) );
		}
	}

	/**
	 * Create keys.
	 *
	 * @since  2.4.0
	 *
	 * @param  string $app_name    App name.
	 * @param  string $app_user_id User ID.
	 * @param  string $scope       Scope.
	 *
	 * @return array
	 */
	protected function create_keys( $app_name, $app_user_id, $scope ) {
		global $wpdb;

		$description = sprintf(
			'%s - API (%s)',
			wc_trim_string( wc_clean( $app_name ), 170 ),
			gmdate( 'Y-m-d H:i:s' )
		);
		$user        = wp_get_current_user();

		// Created API keys.
		$permissions     = in_array( $scope, array( 'read', 'write', 'read_write' ), true ) ? sanitize_text_field( $scope ) : 'read';
		$consumer_key    = 'ck_' . wc_rand_hash();
		$consumer_secret = 'cs_' . wc_rand_hash();

		$wpdb->insert(
			$wpdb->prefix . 'woocommerce_api_keys',
			array(
				'user_id'         => $user->ID,
				'description'     => $description,
				'permissions'     => $permissions,
				'consumer_key'    => wc_api_hash( $consumer_key ),
				'consumer_secret' => $consumer_secret,
				'truncated_key'   => substr( $consumer_key, -7 ),
			),
			array(
				'%d',
				'%s',
				'%s',
				'%s',
				'%s',
				'%s',
			)
		);

		return array(
			'key_id'          => $wpdb->insert_id,
			'user_id'         => $app_user_id,
			'consumer_key'    => $consumer_key,
			'consumer_secret' => $consumer_secret,
			'key_permissions' => $permissions,
		);
	}

	/**
	 * Post consumer data.
	 *
	 * @since  2.4.0
	 *
	 * @throws Exception When validation fails.
	 * @param  array  $consumer_data Consumer data.
	 * @param  string $url           URL.
	 * @return bool
	 */
	protected function post_consumer_data( $consumer_data, $url ) {
		$params = array(
			'body'    => wp_json_encode( $consumer_data ),
			'timeout' => 60,
			'headers' => array(
				'Content-Type' => 'application/json;charset=' . get_bloginfo( 'charset' ),
			),
		);

		$response = wp_safe_remote_post( esc_url_raw( $url ), $params );

		if ( is_wp_error( $response ) ) {
			throw new Exception( $response->get_error_message() );
		} elseif ( 200 !== intval( $response['response']['code'] ) ) {
			throw new Exception( __( 'An error occurred in the request and at the time were unable to send the consumer data', 'woocommerce' ) );
		}

		return true;
	}

	/**
	 * Handle auth requests.
	 *
	 * @since 2.4.0
	 * @throws Exception When auth_endpoint validation fails.
	 */
	public function handle_auth_requests() {
		global $wp;

		if ( ! empty( $_GET['wc-auth-version'] ) ) { // WPCS: input var ok, CSRF ok.
			$wp->query_vars['wc-auth-version'] = wc_clean( wp_unslash( $_GET['wc-auth-version'] ) ); // WPCS: input var ok, CSRF ok.
		}

		if ( ! empty( $_GET['wc-auth-route'] ) ) { // WPCS: input var ok, CSRF ok.
			$wp->query_vars['wc-auth-route'] = wc_clean( wp_unslash( $_GET['wc-auth-route'] ) ); // WPCS: input var ok, CSRF ok.
		}

		// wc-auth endpoint requests.
		if ( ! empty( $wp->query_vars['wc-auth-version'] ) && ! empty( $wp->query_vars['wc-auth-route'] ) ) {
			$this->auth_endpoint( $wp->query_vars['wc-auth-route'] );
		}
	}

	/**
	 * Auth endpoint.
	 *
	 * @since 2.4.0
	 * @throws Exception When validation fails.
	 * @param string $route Route.
	 */
	protected function auth_endpoint( $route ) {
		ob_start();

		$consumer_data = array();

		try {
			$route = strtolower( wc_clean( $route ) );
			$this->make_validation();

			$data = wp_unslash( $_REQUEST ); // WPCS: input var ok, CSRF ok.

			// Login endpoint.
			if ( 'login' === $route && ! is_user_logged_in() ) {
				/**
				 * If a merchant is using the WordPress SSO (handled through Jetpack)
				 * to manage their authorisation then it is likely they'll find that
				 * their username and password do not work through this form. We
				 * instead need to redirect them to the WordPress login so that they
				 * can then be redirected back here with a valid token.
				 */

				// Check if Jetpack is installed and activated.
				if ( class_exists( 'Jetpack' ) && Jetpack::connection()->has_connected_owner() ) {

					// Check if the user is using the WordPress.com SSO.
					if ( Jetpack::is_module_active( 'sso' ) ) {

						$redirect_url = $this->build_url( $data, 'authorize' );

						// Build the SSO URL.
						$login_url = \Automattic\Jetpack\Connection\SSO::get_instance()->build_sso_button_url(
							array(
								'redirect_to' => rawurlencode( esc_url_raw( $redirect_url ) ),
								'action'      => 'login',
							)
						);

						// Perform the redirect.
						wp_safe_redirect( $login_url );
						exit;
					}
				}

				wc_get_template(
					'auth/form-login.php',
					array(
						'app_name'     => wc_clean( $data['app_name'] ),
						'return_url'   => add_query_arg(
							array(
								'success' => 0,
								'user_id' => wc_clean( $data['user_id'] ),
							),
							$this->get_formatted_url( $data['return_url'] )
						),
						'redirect_url' => $this->build_url( $data, 'authorize' ),
					)
				);
				exit;

			} elseif ( 'login' === $route && is_user_logged_in() ) {
				// Redirect with user is logged in.
				wp_redirect( esc_url_raw( $this->build_url( $data, 'authorize' ) ) );
				exit;

			} elseif ( 'authorize' === $route && ! is_user_logged_in() ) {
				// Redirect with user is not logged in and trying to access the authorize endpoint.
				wp_redirect( esc_url_raw( $this->build_url( $data, 'login' ) ) );
				exit;

			} elseif ( 'authorize' === $route && current_user_can( 'manage_woocommerce' ) ) {
				// Authorize endpoint.
				wc_get_template(
					'auth/form-grant-access.php',
					array(
						'app_name'     => wc_clean( $data['app_name'] ),
						'callback_url' => $this->get_formatted_url( $data['callback_url'] ),
						'return_url'   => add_query_arg(
							array(
								'success' => 0,
								'user_id' => wc_clean( $data['user_id'] ),
							),
							$this->get_formatted_url( $data['return_url'] )
						),
						'scope'        => $this->get_i18n_scope( wc_clean( $data['scope'] ) ),
						'permissions'  => $this->get_permissions_in_scope( wc_clean( $data['scope'] ) ),
						'granted_url'  => wp_nonce_url( $this->build_url( $data, 'access_granted' ), 'wc_auth_grant_access', 'wc_auth_nonce' ),
						'logout_url'   => wp_logout_url( $this->build_url( $data, 'login' ) ),
						'user'         => wp_get_current_user(),
					)
				);
				exit;

			} elseif ( 'access_granted' === $route && current_user_can( 'manage_woocommerce' ) ) {
				// Granted access endpoint.
				if ( ! isset( $_GET['wc_auth_nonce'] ) || ! wp_verify_nonce( sanitize_key( wp_unslash( $_GET['wc_auth_nonce'] ) ), 'wc_auth_grant_access' ) ) { // WPCS: input var ok.
					throw new Exception( __( 'Invalid nonce verification', 'woocommerce' ) );
				}

				$consumer_data = $this->create_keys( $data['app_name'], $data['user_id'], $data['scope'] );
				$response      = $this->post_consumer_data( $consumer_data, $this->get_formatted_url( $data['callback_url'] ) );

				if ( $response ) {
					wp_redirect(
						esc_url_raw(
							add_query_arg(
								array(
									'success' => 1,
									'user_id' => wc_clean( $data['user_id'] ),
								),
								$this->get_formatted_url( $data['return_url'] )
							)
						)
					);
					exit;
				}
			} else {
				throw new Exception( __( 'You do not have permission to access this page', 'woocommerce' ) );
			}
		} catch ( Exception $e ) {
			$this->maybe_delete_key( $consumer_data );

			/* translators: %s: error message */
			wp_die( sprintf( esc_html__( 'Error: %s.', 'woocommerce' ), esc_html( $e->getMessage() ) ), esc_html__( 'Access denied', 'woocommerce' ), array( 'response' => 401 ) );
		}
	}

	/**
	 * Maybe delete key.
	 *
	 * @since 2.4.0
	 *
	 * @param array $key Key.
	 */
	private function maybe_delete_key( $key ) {
		global $wpdb;

		if ( isset( $key['key_id'] ) ) {
			$wpdb->delete( $wpdb->prefix . 'woocommerce_api_keys', array( 'key_id' => $key['key_id'] ), array( '%d' ) );
		}
	}
}
new WC_Auth();

Edit Rename Chmod Delete

FILE FOLDER

Name	Size	Permission
abstracts	---	0755
admin	---	0755
blocks	---	0755
cli	---	0755
customizer	---	0755
data-stores	---	0755
emails	---	0755
export	---	0755
gateways	---	0755
import	---	0755
integrations	---	0755
interfaces	---	0755
legacy	---	0755
libraries	---	0755
log-handlers	---	0755
payment-tokens	---	0755
product-usage	---	0755
queue	---	0755
react-admin	---	0755
rest-api	---	0755
shipping	---	0755
shortcodes	---	0755
theme-support	---	0755
tracks	---	0755
traits	---	0755
walkers	---	0755
wccom-site	---	0755
widgets	---	0755
class-wc-ajax.php	122617 bytes	0644
class-wc-auth.php	12995 bytes	0644
class-wc-autoloader.php	3401 bytes	0644
class-wc-background-emailer.php	4685 bytes	0644
class-wc-background-updater.php	3535 bytes	0644
class-wc-brands-brand-settings-manager.php	1826 bytes	0644
class-wc-brands-coupons.php	7059 bytes	0644
class-wc-brands.php	33719 bytes	0644
class-wc-breadcrumb.php	9722 bytes	0644
class-wc-cache-helper.php	12952 bytes	0644
class-wc-cart-session.php	21687 bytes	0644
class-wc-cart-totals.php	29163 bytes	0644
class-wc-cart.php	72935 bytes	0644
class-wc-cli.php	3419 bytes	0644
class-wc-comments.php	23174 bytes	0644
class-wc-countries.php	50342 bytes	0644
class-wc-coupon.php	40886 bytes	0644
class-wc-customer-download-log.php	3452 bytes	0644
class-wc-customer-download.php	10587 bytes	0644
class-wc-customer.php	33318 bytes	0644
class-wc-data-exception.php	1321 bytes	0644
class-wc-datetime.php	2310 bytes	0644
class-wc-deprecated-action-hooks.php	6746 bytes	0644
class-wc-deprecated-filter-hooks.php	7518 bytes	0644
class-wc-discounts.php	37523 bytes	0644
class-wc-download-handler.php	29053 bytes	0644
class-wc-emails.php	39069 bytes	0644
class-wc-form-handler.php	46988 bytes	0644
class-wc-frontend-scripts.php	30478 bytes	0644
class-wc-geo-ip.php	31139 bytes	0644
class-wc-geolite-integration.php	2036 bytes	0644
class-wc-geolocation.php	11594 bytes	0644
class-wc-https.php	4439 bytes	0644
class-wc-install.php	110845 bytes	0644
class-wc-integrations.php	1308 bytes	0644
class-wc-meta-data.php	2260 bytes	0644
class-wc-order-factory.php	8728 bytes	0644
class-wc-order-item-coupon.php	4175 bytes	0644
class-wc-order-item-meta.php	5942 bytes	0644
class-wc-order-item-shipping.php	9013 bytes	0644
class-wc-order-query.php	2615 bytes	0644
class-wc-order-refund.php	6135 bytes	0644
class-wc-order.php	77201 bytes	0644
class-wc-payment-gateways.php	16109 bytes	0644
class-wc-payment-tokens.php	6390 bytes	0644
class-wc-post-data.php	35382 bytes	0644
class-wc-post-types.php	32771 bytes	0644
class-wc-privacy-background-process.php	1833 bytes	0644
class-wc-privacy-erasers.php	13941 bytes	0644
class-wc-privacy-exporters.php	15044 bytes	0644
class-wc-privacy.php	17629 bytes	0644
class-wc-product-download.php	12547 bytes	0644
class-wc-query.php	34161 bytes	0644
class-wc-rate-limiter.php	4100 bytes	0644
class-wc-regenerate-images-request.php	7923 bytes	0644
class-wc-regenerate-images.php	15806 bytes	0644
class-wc-rest-authentication.php	22068 bytes	0644
class-wc-rest-exception.php	276 bytes	0644
class-wc-session-handler.php	23077 bytes	0644
class-wc-shipping-rate.php	9566 bytes	0644
class-wc-shipping-zone.php	13392 bytes	0644
class-wc-shipping-zones.php	4106 bytes	0644
class-wc-shipping.php	13160 bytes	0644
class-wc-shortcodes.php	19274 bytes	0644
class-wc-structured-data.php	24295 bytes	0644
class-wc-tax.php	39226 bytes	0644
class-wc-template-loader.php	20763 bytes	0644
class-wc-tracker.php	50557 bytes	0644
class-wc-validation.php	5929 bytes	0644
class-wc-webhook.php	30111 bytes	0644
class-woocommerce.php	60992 bytes	0644
wc-account-functions.php	14448 bytes	0644
wc-attribute-functions.php	22377 bytes	0644
wc-brands-functions.php	4270 bytes	0644
wc-cart-functions.php	21557 bytes	0644
wc-conditional-functions.php	15902 bytes	0644
wc-core-functions.php	88858 bytes	0644
wc-coupon-functions.php	5681 bytes	0644
wc-deprecated-functions.php	39030 bytes	0644
wc-formatting-functions.php	51051 bytes	0644
wc-notice-functions.php	8277 bytes	0644
wc-order-functions.php	43773 bytes	0644
wc-order-item-functions.php	5153 bytes	0644
wc-order-step-logger-functions.php	5135 bytes	0644
wc-page-functions.php	9657 bytes	0644
wc-rest-functions.php	14257 bytes	0644
wc-stock-functions.php	17544 bytes	0644
wc-template-functions.php	141685 bytes	0644
wc-template-hooks.php	13151 bytes	0644
wc-term-functions.php	24414 bytes	0644
wc-update-functions.php	96978 bytes	0644
wc-webhook-functions.php	5905 bytes	0644
wc-widget-functions.php	2063 bytes	0644

File Content: class-wc-auth.php

File Content: `class-wc-auth.php`