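/**
 * Verify a signed JSON API authorization request and store its sanitized payload.
 *
 * Reads the request from $_GET (`timestamp`, `nonce`, `signature`, `data`, and
 * `token` when $_POST['jetpack_json_api_original_query'] is present), checks the
 * signature against the master user's access-token secret (retrying with the
 * `http` scheme on an SSL request so an upstream HTTP->HTTPS redirect still
 * verifies), records the nonce, then decodes the base64/JSON `data` payload and
 * writes its sanitized fields into $this->json_api_authorization_request.
 *
 * Every failure calls wp_die(), so control never returns to the caller on an
 * unverified request; all verification failures share one generic message so
 * the response does not reveal which check tripped.
 */
function verify_json_api_authorization_request()
{
    require_once JETPACK__PLUGIN_DIR . 'class.jetpack-signature.php';

    $token = Jetpack_Data::get_access_token(JETPACK_MASTER_USER);
    if (!$token || empty($token->secret)) {
        wp_die(__('You must connect your Jetpack plugin to WordPress.com to use this feature.', 'jetpack'));
    }

    $die_error = __('Someone may be trying to trick you into giving them access to your site. Or it could be you just encountered a bug :). Either way, please close this window.', 'jetpack');

    // Fail closed before any parameter reaches hash_equals()/stripslashes(): a missing key would
    // only raise a notice, and a non-string value (e.g. `?signature[]=x`) makes those calls warn
    // or throw instead of producing a clean mismatch.
    foreach (array('timestamp', 'nonce', 'signature', 'data') as $required) {
        if (!isset($_GET[$required]) || !is_string($_GET[$required])) {
            wp_die($die_error);
        }
    }

    $jetpack_signature = new Jetpack_Signature($token->secret, (int) Jetpack_Options::get_option('time_diff'));

    if (isset($_POST['jetpack_json_api_original_query'])) {
        // `token` is read directly only on this path, so it is validated here rather than above.
        if (!is_string($_POST['jetpack_json_api_original_query']) || !isset($_GET['token']) || !is_string($_GET['token'])) {
            wp_die($die_error);
        }
        $signature = $jetpack_signature->sign_request(
            $_GET['token'],
            $_GET['timestamp'],
            $_GET['nonce'],
            '',
            'GET',
            $_POST['jetpack_json_api_original_query'],
            null,
            true
        );
    } else {
        $signature = $jetpack_signature->sign_current_request(array('body' => null, 'method' => 'GET'));
    }

    if (!$signature || is_wp_error($signature)) {
        wp_die($die_error);
    }

    if (!hash_equals($signature, $_GET['signature'])) {
        if (!is_ssl()) {
            wp_die($die_error);
        }
        // If we signed an HTTP request on the Jetpack Servers, but got redirected to HTTPS by the
        // local blog, check the HTTP signature as well.
        $signature = $jetpack_signature->sign_current_request(array('scheme' => 'http', 'body' => null, 'method' => 'GET'));
        if (!$signature || is_wp_error($signature) || !hash_equals($signature, $_GET['signature'])) {
            wp_die($die_error);
        }
    }

    $timestamp = (int) $_GET['timestamp'];
    $nonce = stripslashes((string) $_GET['nonce']);
    if (!$this->add_nonce($timestamp, $nonce)) {
        // De-nonce the nonce, at least for 5 minutes.
        // We have to reuse this nonce at least once (used the first time when the initial request
        // is made, used a second time when the login form is POSTed).
        $old_nonce_time = get_option("jetpack_nonce_{$timestamp}_{$nonce}");
        if ($old_nonce_time < time() - 300) {
            wp_die(__('The authorization process expired. Please go back and try again.', 'jetpack'));
        }
    }

    $data = json_decode(base64_decode(stripslashes($_GET['data'])));
    if (!is_object($data)) {
        // An undecodable or non-object payload cannot carry the required fields.
        wp_die($die_error);
    }

    $data_filters = array('state' => 'opaque', 'client_id' => 'int', 'client_title' => 'string', 'client_image' => 'url');
    foreach ($data_filters as $key => $sanitation) {
        // Each field must be present and scalar: casting an array or object to string would warn or throw.
        if (!isset($data->{$key}) || !is_scalar($data->{$key})) {
            wp_die($die_error);
        }
        switch ($sanitation) {
            case 'int':
                $this->json_api_authorization_request[$key] = (int) $data->{$key};
                break;
            case 'opaque':
                $this->json_api_authorization_request[$key] = (string) $data->{$key};
                break;
            case 'string':
                $this->json_api_authorization_request[$key] = wp_kses((string) $data->{$key}, array());
                break;
            case 'url':
                $this->json_api_authorization_request[$key] = esc_url_raw((string) $data->{$key});
                break;
        }
    }

    // A client_id that cast to 0 means the payload did not identify a client; refuse it.
    if (empty($this->json_api_authorization_request['client_id'])) {
        wp_die($die_error);
    }
}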